CIS Critical Security Controls
IT organized according to an information security framework is secure and reliable. The CIS Critical Security Controls (CIS Controls®) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture.
Advantages of CIS Critical Security Controls
- Suitable for small and medium-sized businesses.
- Provides practical guidance on what to do and how to do it.
- The 153 security measures are divided into three implementation groups, taking into account not only the level of risk mitigation but also the resource requirements for implementing the measures.
- You can choose the implementation group based on the size, needs and data sensitivity of your company.
- CIS has developed a range of tools to facilitate faster and smoother implementation.
- Mappings have been created to compare CIS security measures with other information security standards and frameworks, such as ISO 27001, NIST, etc.
CIS Controls® Implementation Groups
In CIS Controls version 8, there are a total of 18 controls. These controls consist of 153 security measures divided into 3 implementation groups.
Implementation Group 1 – Basic Cyber Hygiene
Includes 56 security measures that could be implemented in any organization. Implementing the first implementation group is the initial step in improving cybersecurity.
Implementation Group 2 – For Complex Organizations
Adds 74 additional security measures to the first implementation group. Suitable for organizations whose level of information security is determined by legal requirements and customer demands.
Implementation Group 3 – For Organizations Processing Highly Sensitive Data
Adds 23 additional security measures to the second implementation group. This group includes organizations that process highly sensitive data and have a high level of risk.
CIS Benchmarks™ Secure Configuration Guidelines
CIS Benchmarks is a collection of secure configuration guidelines for strengthening operating systems, servers, cloud environments, and more.
CIS Benchmarks include over 100 benchmarks across fourteen technology groups.
Why choose CIS Controls?
Small and medium-sized enterprises face two main challenges when implementing most information security standards and frameworks:
- Many information security management systems, such as ISO 27000 series, NIST, GDPR, SOC2, COBIT, HITRUST, and E-ITS (Estonian Information Security Standard – primarily designed for the public sector), are intended for large organizations, requiring significant time and resources for implementation.
- Frameworks often lack detailed guidance and a clear starting point, leaving small and medium-sized enterprises unsure of how to address specific information security topics.
The CIS Controls framework is well-suited for small and medium-sized enterprises, offering a manageable approach to implementation. You can choose an implementation group with reasonable security measures tailored to your company's size and needs.
The CIS Controls framework provides a clear understanding of which cyber security measures offer maximum protection against today's cyber threats.
BRS Networks Baltic is a member of CIS SecureSuite®.
We offer analysis and protection services for customers' IT systems. Our membership provides access to tools that streamline the implementation of information security best practices.
The CIS mission
Our mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.