20 Critical Security Controls

The CIS Controls (formerly called the Center for Internet Security Critical Security Controls for Effective Cyber Defense) is a publication of best practice guidelines for computer security. The project was initiated early in 2008 in response to extreme data losses experienced by organizations in the US defense industrial base (Gilligan Group Inc., "CAG Background and Participants"). The publication was initially developed by the SANS Institute and released as the "SANS Top 20." Ownership was then transferred to the Council on Cyber Security (CCS) in 2013, and then to the Center for Internet Security (CIS) in 2015. CIS released version 8 of the CIS Controls in 2021 (“CIS Critical Security Controls Version 8”, CIS webpage, January 17, 2024).


Goals

The guidelines consist of 18 (originally 20) key actions, called critical security controls (CSC), that organizations should implement to block or mitigate known attacks. The controls are designed so that primarily automated means can be used to implement, enforce and monitor them (“Understanding Technology Stakeholders: Their Progress and Challenges” by John M. Gilligan, Software Assurance Forum, November 4, 2009). The security controls give no-nonsense, actionable recommendations for cyber security, written in language that is easily understood by IT personnel (“Consensus Audit Guidelines: Overview” by Lieberman Software Corporation).

Goals of the Consensus Audit Guidelines, as described in “Consensus Audit Guidelines: Time to ‘Stop The Bleeding’” by John M. Gilligan (10th Semi-Annual Software Assurance Forum, March 12, 2009), include:
* Leveraging cyber offense to inform cyber defense, focusing on high-payoff areas
* Ensuring that security investments are focused on countering the highest threats
* Maximizing the use of automation to enforce security controls, thereby negating human errors
* Using a consensus process to collect the best ideas


Supported Platforms

CIS Benchmarks cover a wide range of technologies, including:
* Operating systems: Windows, Linux, macOS
* Servers: Apache, NGINX, Microsoft IIS
* Cloud platforms: AWS, Azure, Google Cloud Platform
* Network devices: Cisco, Juniper
* Applications: Microsoft Office, Google Chrome, Mozilla Firefox

