CIS Top 18 Controls

What is the CIS Top 18?

Most organizations that handle consumer data or are vulnerable to cyberattacks are legally required to meet the appropriate security compliance standards. However, this does not apply to every single organization and IT department. In order to set a standard and provide a guide, the Center for Internet Security Critical Security Controls (henceforth referred to as the CIS Top 18) was published.

The CIS Top 18 is a list of 18 actions and practices an organization’s security team can take on such that cyberattacks, or threats, are minimized and prevented. No organization is legally bound to follow the CIS Top 18; however, the controls consist of fundamental steps that all security teams are highly encouraged to implement, in addition to or regardless of regulatory compliance.

The CIS Top 18 Controls

The following are the actions, as presented by the Center for Internet Security:

  • CIS Control 1: Inventory and Control of Enterprise Assets
  • CIS Control 2: Inventory and Control of Software Assets
  • CIS Control 3: Data Protection
  • CIS Control 4: Secure Configuration of Enterprise Assets and Software
  • CIS Control 5: Account Management
  • CIS Control 6: Access Control Management
  • CIS Control 7: Continuous Vulnerability Management
  • CIS Control 8: Audit Log Management
  • CIS Control 9: Email Web Browser and Protections
  • CIS Control 10: Malware Defenses
  • CIS Control 11: Data Recovery
  • CIS Control 12: Network Infrastructure Management
  • CIS Control 13: Network Monitoring and Defense
  • CIS Control 14: Security Awareness and Skills Training
  • CIS Control 15: Service Provider Management
  • CIS Control 16: Application Software Security
  • CIS Control 17: Incident Response Management
  • CIS Control 18: Penetration Testing

Cybersecurity Should be an Advantage, not a Cost Center. Let’s Get to Work.