CIS-CONTROLS
The top 18 priority cyber controls — pragmatic, measurable.
Definition
CIS Controls v8.1 (2024) covers: 01 Asset Inventory, 02 Software Inventory, 03 Data Protection, 04 Secure Config, 05 Access Control, 06 Access Management, 07 Vuln Mgmt, 08 Audit Logs, 09 Email Defense, 10 Malware Defense, 11 Data Recovery, 12 Network Infrastructure, 13 Network Monitoring, 14 Security Awareness, 15 Service Provider Mgmt, 16 App Software Security, 17 Incident Response, 18 Pen Testing. More practical than NIST CSF.
Origin
Originally SANS Top 20 published in 2008 by SANS Institute. Transferred to Center for Internet Security in 2015. V8 in 2021, v8.1 in 2024.
Example in context
An EDI programme showing 95 % coverage of CIS v8.1 18 controls in its annual audit.
Related terms
- NIST CSF — strategic parent framework.