CIS Critical Security Controls

Follow our prioritized set of actions to protect your organization and data from cyber-attack vectors.

CIS Controls® at a Glance

The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the CIS Controls and/or contribute to their development via a community consensus process.

With the CIS Controls, You Can...

Simplify Your Approach to Threat Protection

The CIS Controls consist of Safeguards that each require you to do one thing. This simplified cybersecurity approach is proven to help you defend against today's top threats. Learn more in our CIS Community Defense Model v2.0.

Comply with Industry Regulations

By implementing the CIS Controls, you create an on-ramp to comply with PCI DSS, HIPAA, GDPR, and other industry regulations. View our Mapping and Compliance page for more information.

Achieve Essential Cyber Hygiene

Almost all successful cyber attacks exploit “poor cyber hygiene” like unpatched software, poor configuration management, and outdated solutions. The CIS Controls include foundational security measures that you can use to achieve essential hygiene and protect yourself against a cyber attack.

Abide by the Law

Multiple U.S. States require executive branch agencies and other government entities to implement cybersecurity best practices. Several of them specifically mention the CIS Controls as a way of demonstrating a "reasonable" level of security. 

Translate Information into Action

Modern systems and software are dynamic in nature. By enacting the CIS Controls, you support your assets' evolving needs in a meaningful way and align your security efforts with your business goals.

Expert guidance to navigate SEC readiness

New regulations apply new pressures. Are you ready?

Navigate SEC breach disclosure rules with confidence

We’ve been at the front lines of some of the world’s worst cyber incidents. Our experience, unparalleled threat intelligence, and industry-leading technology make us a partner you can rely on.

Harden your environment

  • IDENTIFY RISK - Identify risk factors in your security environment that could lead to a significant security breach.

  • PRIORITIZE DEFENSES - Ensure the right processes are in place to shore up defenses by risk priority.

  • UNDERSTAND YOUR GAPS - Know where to apply and maximize your resources to boost defenses.

Demystify materiality

  • UNDERSTAND MATERIALITY - Explore key considerations on materiality specific to your environment, datasets, and operations.

  • TEST AND VALIDATE DEFENSES - Increase your resilience through breach simulations that test your people, processes, and security program.

  • PREPARE FOR AN 8-K FILING - Prepare to align with SEC 8-K disclosure requirements, and confidently know when and how disclosure should take place.