Top 20 Critical Security Controls

Reduce your cybersecurity risk and mature your organization's cybersecurity posture with our Enterprise Security Audit

Center for Internet Security Controls (CISC) 1-6 below are known as the Basic CIS Controls.  Studies show that organizations with a handle on the Basic controls are roughly 90% less likely to suffer a breach.

CIS Basic Controls:

CISC 1:  Inventory and Control of Hardware Assets
CISC 2:  Inventory and Control of Software Assets
CISC 3:  Continuous Vulnerability Management
CISC 4:  Controlled Use of Administrative Privileges
CISC 5:  Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
CISC 6:  Maintenance, Monitoring and Analysis of Audit Logs

CIS Foundational Controls:

CISC 7:  Email and Web Browser Protections
CISC 8:  Malware Defenses
CISC 9:  Limitation and Control of Network Ports, Protocols, and Services
CISC 10:  Data Recovery Capabilities
CISC 11:  Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CISC 12:  Boundary Defense
CISC 13:  Data Protection
CISC 14:  Controlled Access Based on the Need to Know
CISC 15:  Wireless Access Control
CISC 16:  Account Monitoring and Control

CIS Organizational Controls:

CISC 17:  Implement a Security Awareness and Training Program
CISC 18:  Application Software Security
CISC 19:  Incident Response and Management
CISC 20:  Penetration Tests and Red Team Exercises

This list is based on version 7 of the Center for Internet Security Controls for Effective Cyber Defense. Its order and content change periodically, based on the latest technologies and the latest threats and attacks.
