CIS Security Controls Framework (CIS Controls)
The CIS Security Controls Framework is a globally recognised set of 18 prioritised cybersecurity best practices designed to help organisations strengthen their security posture and defend against the most prevalent cyber threats. Developed through an international community consensus, the CIS Controls provide clear, actionable safeguards that improve cyber hygiene, reduce risk, and support compliance with standards such as NIST CSF, ISO 27001, HIPAA, PCI DSS, and GDPR.
The framework is practical, scalable, and especially effective for small and medium‑sized organisations seeking a structured, cost‑efficient path to stronger cybersecurity.
What the Framework Includes
1. 18 CIS Controls (Top‑Level Safeguards)
These cover the full spectrum of cybersecurity, including:
Asset inventory
Secure configuration
Data protection
Access control
Vulnerability management
Logging and monitoring
Incident response
Security awareness training
Each control is broken down into safeguards: specific, measurable actions that can be implemented and audited individually.
2. Implementation Groups (IG1, IG2, IG3)
These groups help organisations adopt the controls based on their size, resources, and risk level:
IG1 — Basic Cyber Hygiene (ideal for SMEs)
IG2 — Enhanced Safeguards
IG3 — Advanced, enterprise‑level protections
3. Prioritised, Data‑Driven Approach
The CIS Controls focus first on the safeguards that reduce the highest volume of real‑world attacks, including malware, ransomware, web application attacks, and insider misuse.
Why Organisations Use CIS Controls
Defends against ~86% of common cyberattacks when fully implemented
Maps to major compliance frameworks (NIST, ISO, PCI DSS, HIPAA)
Cost‑effective and easy to adopt
Ideal for small and mid‑size organisations
Continuously updated based on global threat intelligence