Overview
The CIS (Center for Internet Security) Critical Security Controls are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common cyberattacks. They are developed by a global community of IT professionals.
Prioritization
The controls are organized into three Implementation Groups (IGs) based on the size and resources of the organization. IG1 represents 'Essential Cyber Hygiene.'
Examples of Controls
- Inventory and Control of Enterprise Assets.
- Data Protection.
- Secure Configuration of Enterprise Assets and Software.
- Continuous Vulnerability Management.
- Audit Log Management.