The CIS Critical Security Controls (CIS Controls) are a set of best practices for cybersecurity that provide specific and actionable ways to protect against today's most pervasive and dangerous attacks.
The CIS Controls consist of 18 key actions, called critical security controls (CSC), that organisations should implement to block or mitigate known attacks.
The controls are designed so that primarily automated means can be used to implement, enforce, and monitor them.
The CIS Controls are important because they minimise the risk of data breaches, data leaks, theft of intellectual property, corporate espionage, identity theft, privacy loss, denial of service, and other cyber threats.
The CIS Controls have evolved from the consensus list of security controls that security experts believe are the best defensive techniques.
The CIS Controls work in concert with and point to existing independent standards and security recommendations when available, mapping to more than a dozen industry standard frameworks, including SOC2, HIPAA, MITRE ATT&CK, NIST, PCI DSS, and more.
The CIS Controls are a prescriptive, prioritised, and simplified set of best practices that you can use to strengthen your cybersecurity posture.
The CIS Controls are widely used by thousands of cybersecurity practitioners from around the world, and they provide a starting point for any organisation to improve its cybersecurity