The CIS Critical Security Controls (CIS Controls) are a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyber attacks. The CIS Controls are developed, refined, and validated by a community of leading experts from around the world. Organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.
CIS Controls
What are the CIS Controls?
The CIS Controls embrace the Pareto 80/20 Principle: the idea that taking just a small portion of all the security actions you could possibly take yields a very large percentage of the benefit of taking all those possible actions.
The Problem
Security Breaches
Credit card breaches, identity theft, ransomware & loss of privacy are now everyday news.
Lacking Cybersecurity
Organizations lack effective cybersecurity practices & policies.
The “Fog of More”
The ‘Fog of More’ overwhelms organizations facing cybersecurity decisions.
The Solution
CIS Controls
The Critical Security Controls started as a grass-roots activity in 2008.
Focused Intervention
Focused on the most critical actions organizations should take, informed by experts & real threat data.
The Pareto Principle
Embodies the Pareto Principle, an “80/20 Rule” to emphasize the most valuable security actions.
How they are created
Experienced views
The CIS Controls were developed by an international, grass-roots consortium bringing together companies, government agencies, institutions, and individuals from every part of the ecosystem.
Insights from various fields
The expert volunteers who develop the Controls apply their first-hand experience to develop the most effective actions for cyber defense.
International Movement
The CIS Controls have matured into an international movement of individuals & institutions, adopted by thousands of global enterprises, large and small.
What they are
18 Controls
A set of 18 scalable & data-driven guidelines to ensure an organization’s security.
Actions for cyber defense
Practical steps proven to mitigate the most common attacks & reduce corporate risk.
Security implementations
Can be implemented in any organization to ensure compliance with leading security frameworks.