CIS Controls v8.1
Critical Security Controls for Effective Cyber Defense
Showing 56 safeguards in IG1
Essential cyber hygiene - the minimum standard for all organizations
1 — Inventory and Control of Enterprise Assets (2 safeguards)
2 — Inventory and Control of Software Assets (3 safeguards)
3 — Data Protection (6 safeguards)
4 — Secure Configuration of Enterprise Assets and Software (7 safeguards)
4.1 Establish and Maintain a Secure Configuration Process
4.2 Establish and Maintain a Secure Configuration Process for Network Infrastructure
4.3 Configure Automatic Session Locking on Enterprise Assets
4.4 Implement and Manage a Firewall on Servers
4.5 Implement and Manage a Firewall on End-User Devices
4.6 Securely Manage Enterprise Assets and Software
4.7 Manage Default Accounts on Enterprise Assets and Software
5 — Account Management (4 safeguards)
6 — Access Control Management (5 safeguards)
7 — Continuous Vulnerability Management (4 safeguards)
8 — Audit Log Management (3 safeguards)
9 — Email and Web Browser Protections (2 safeguards)
10 — Malware Defenses (3 safeguards)
11 — Data Recovery (4 safeguards)
12 — Network Infrastructure Management (1 safeguard)
14 — Security Awareness and Skills Training (8 safeguards)
14.1 Establish and Maintain a Security Awareness Program
14.2 Train Workforce Members to Recognize Social Engineering Attacks
14.3 Train Workforce Members on Authentication Best Practices
14.4 Train Workforce on Data Handling Best Practices
14.5 Train Workforce Members on Causes of Unintentional Data Exposure
14.6 Train Workforce Members on Recognizing and Reporting Security Incidents
14.7 Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates
14.8 Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks