Learn

CIS Controls v8

Browse 153 published controls in this framework.

Control IDTitle
1.1CIS 1.1: Enterprise Asset Inventory Management
1.2CIS 1.2: Address Unauthorized Assets | GRCWatch
1.3CIS 1.3: Active Discovery Tool for Asset Management
1.4CIS 1.4: DHCP Logging for Asset Inventory
1.5CIS 1.5: Passive Asset Discovery Tool | Compliance
10.1CIS 10.1: Deploy Anti-Malware Software | GRCWatch
10.2CIS 10.2: Auto Anti-Malware Signature Updates
10.3CIS 10.3: Disable Autorun & Autoplay for Removable Media
10.4CIS 10.4: Auto Anti-Malware Scanning for Removable Media
10.5CIS 10.5: Enable Anti-Exploitation Features | GRCWatch
10.6CIS 10.6: Centrally Manage Anti-Malware Software
10.7CIS 10.7: Behavior-Based Anti-Malware Software
11.1CIS 11.1: Data Recovery Process | GRCWatch
11.2CIS 11.2: Automated Backups | Compliance Guide
11.3CIS 11.3: Protect Recovery Data | Compliance Guide
11.4CIS 11.4: Isolated Recovery Data Backups
11.5CIS 11.5: Test Data Recovery | Backup Compliance
12.1CIS 12.1: Keep Network Infrastructure Current
12.2CIS 12.2: Secure Network Architecture | GRCWatch
12.3CIS 12.3: Secure Network Infrastructure Management
12.4CIS 12.4: Architecture Diagrams & Network Documentation
12.5CIS 12.5: Centralize Network AAA Authentication
12.6CIS 12.6: Secure Network Management & Protocols
12.7CIS 12.7: Remote Device VPN Authentication | GRCWatch
12.8CIS 12.8: Dedicated Admin Computing Resources
13.1CIS 13.1: Centralize Security Event Alerting | GRCWatch
13.10CIS 13.10: Application Layer Filtering for SMBs
13.11CIS 13.11: Tune Security Event Alerting Thresholds
13.2CIS 13.2: Host-Based Intrusion Detection Solution
13.3CIS 13.3: Deploy Network Intrusion Detection | GRCWatch
13.4CIS 13.4: Network Traffic Filtering Between Segments
13.5CIS 13.5: Remote Asset Access Control | GRCWatch
13.6CIS 13.6: Network Traffic Flow Logs Collection
13.7CIS 13.7: Host-Based Intrusion Prevention | GRCWatch
13.8CIS 13.8: Network Intrusion Prevention Deployment
13.9CIS 13.9: Port-Level Access Control | GRCWatch
14.1CIS 14.1: Security Awareness Program | GRCWatch
14.2CIS 14.2: Social Engineering Attack Recognition Training
14.3CIS 14.3: Authentication Training for Workforce Security
14.4CIS 14.4: Data Handling Training for Your Workforce
14.5CIS 14.5: Train Workforce on Data Exposure Prevention
14.6CIS 14.6: Security Incident Recognition & Reporting Training
14.7CIS 14.7: Security Updates Training & Patch Management
14.8CIS 14.8: Insecure Network Training for Workforce Security
14.9CIS 14.9: Role-Specific Security Awareness Training
15.1CIS 15.1: Service Provider Inventory Management
15.2CIS 15.2: Service Provider Management Policy | GRCWatch
15.3CIS 15.3: Classify Service Providers | GRCWatch
15.4CIS 15.4: Service Provider Security Contract Requirements
15.5CIS 15.5: Assess Service Providers | GRCWatch
15.6CIS 15.6: Monitor Service Providers | GRCWatch
15.7CIS 15.7: Secure Service Provider Decommissioning
16.1CIS 16.1: Secure Application Development Process
16.10CIS 16.10: Secure Design Principles in Application Architectures
16.11CIS 16.11: Vetted Application Security Modules
16.12CIS 16.12: Code-Level Security Checks Implementation
16.13CIS 16.13: Application Penetration Testing | GRCWatch
16.14CIS 16.14: Threat Modeling for Secure Development
16.2CIS 16.2: Software Vulnerability Management Process
16.3CIS 16.3: Root Cause Analysis for Security Vulnerabilities
16.4CIS 16.4: Application Inventory Management | GRCWatch
16.5CIS 16.5: Third-Party Component Management & Vulnerability Control
16.6CIS 16.6: Vulnerability Severity Rating System
16.7CIS 16.7: Standard Hardening Configuration Templates
16.8CIS 16.8: Separate Production & Non-Production Systems
16.9CIS 16.9: Developer Application Security Training
17.1CIS 17.1: Designate Incident Handling Personnel
17.2CIS 17.2: Establish Security Incident Reporting Contacts
17.3CIS 17.3: Enterprise Incident Reporting Process
17.4CIS 17.4: Incident Response Process | GRCWatch
17.5CIS 17.5: Assign Key Roles and Responsibilities
17.6CIS 17.6: Incident Response Communication Mechanisms
17.7CIS 17.7: Routine Incident Response Exercises
17.8CIS 17.8: Post-Incident Reviews for Compliance
17.9CIS 17.9: Security Incident Thresholds | GRCWatch
18.1CIS 18.1: Penetration Testing Program | GRCWatch
18.2CIS 18.2: External Penetration Testing | GRCWatch
18.3CIS 18.3: Remediate Penetration Test Findings
18.4CIS 18.4: Validate Security Measures | Penetration Testing
18.5CIS 18.5: Internal Penetration Testing | GRCWatch
2.1CIS 2.1: Software Inventory Management for SMBs
2.2CIS 2.2: Ensure Authorized Software is Currently Supported
2.3CIS 2.3: Remove Unauthorized Software | GRCWatch
2.4CIS 2.4: Automated Software Inventory Tools | GRCWatch
2.5CIS 2.5: Allowlist Authorized Software | GRCWatch
2.6CIS 2.6: Allowlist Authorized Libraries | GRCWatch
2.7CIS 2.7: Allowlist Authorized Scripts | GRCWatch
3.1CIS 3.1: Data Management Process | GRCWatch
3.10CIS 3.10: Encrypt Sensitive Data in Transit | GRCWatch
3.11CIS 3.11: Encrypt Sensitive Data at Rest | Compliance Guide
3.12CIS 3.12: Data Segmentation by Sensitivity | GRCWatch
3.13CIS 3.13: Deploy Data Loss Prevention Solution
3.14CIS 3.14: Log Sensitive Data Access | Compliance Guide
3.2CIS 3.2: Data Inventory | GRCWatch
3.3CIS 3.3: Data Access Control Lists | GRCWatch
3.4CIS 3.4: Enforce Data Retention Policy | GRCWatch
3.5CIS 3.5: Secure Data Disposal | GRCWatch
3.6CIS 3.6: Encrypt Data on End-User Devices | Compliance Guide
3.7CIS 3.7: Data Classification Scheme | GRCWatch
3.8CIS 3.8: Document Data Flows | Compliance Guide
3.9CIS 3.9: Encrypt Data on Removable Media
4.1CIS 4.1: Secure Configuration Process for Enterprise Assets
4.10CIS 4.10: Automatic Device Lockout for Portable Devices
4.11CIS 4.11: Remote Wipe for Portable Devices | GRCWatch
4.12CIS 4.12: Mobile Enterprise Workspace Separation
4.2CIS 4.2: Secure Network Configuration Process
4.3CIS 4.3: Automatic Session Locking Configuration
4.4CIS 4.4: Implement & Manage Server Firewalls
4.5CIS 4.5: Host Firewall & Port Filtering for Endpoints
4.6CIS 4.6: Securely Manage Enterprise Assets & Software
4.7CIS 4.7: Manage Default Accounts on Enterprise Assets
4.8CIS 4.8: Disable Unnecessary Services | Compliance Guide
4.9CIS 4.9: Configure Trusted DNS Servers | GRCWatch
5.1CIS 5.1: Account Inventory Management for SMBs
5.2CIS 5.2: Unique Passwords for Enterprise Assets
5.3CIS 5.3: Disable Dormant Accounts | Compliance Guide
5.4CIS 5.4: Restrict Administrator Privileges | GRCWatch
5.5CIS 5.5: Service Account Inventory Management
5.6CIS 5.6: Centralize Account Management | GRCWatch
6.1CIS 6.1: Automated Access Granting Process
6.2CIS 6.2: Automated Access Revoking Process | GRCWatch
6.3CIS 6.3: MFA for External Applications | Compliance Guide
6.4CIS 6.4: MFA for Remote Network Access | GRCWatch
6.5CIS 6.5: MFA for Administrative Access | GRCWatch
6.6CIS 6.6: Authentication & Authorization Inventory
6.7CIS 6.7: Centralize Access Control | GRCWatch
6.8CIS 6.8: Role-Based Access Control | GRCWatch
7.1CIS 7.1: Vulnerability Management Process | GRCWatch
7.2CIS 7.2: Establish & Maintain Remediation Process
7.3CIS 7.3: Automated OS Patch Management for SMBs
7.4CIS 7.4: Automated Application Patch Management
7.5CIS 7.5: Automated Vulnerability Scans | GRCWatch
7.6CIS 7.6: Automated Vulnerability Scans for External Assets
7.7CIS 7.7: Remediate Detected Vulnerabilities | GRCWatch
8.1CIS 8.1: Audit Log Management Process | Compliance Guide
8.10CIS 8.10: Retain Audit Logs for 90+ Days
8.11CIS 8.11: Audit Log Reviews for Threat Detection
8.12CIS 8.12: Collect Service Provider Logs | GRCWatch
8.2CIS 8.2: Collect Audit Logs | Compliance Guide
8.3CIS 8.3: Audit Log Storage Compliance
8.4CIS 8.4: Time Synchronization for Compliance
8.5CIS 8.5: Collect Detailed Audit Logs | GRCWatch
8.6CIS 8.6: DNS Query Audit Logs for Malicious Domain Detection
8.7CIS 8.7: URL Request Audit Logs | Malicious Site Detection
8.8CIS 8.8: Command-Line Audit Logs Collection
8.9CIS 8.9: Centralize Audit Logs | GRCWatch
9.1CIS 9.1: Enforce Supported Browsers & Email Clients
9.2CIS Control 9.2: DNS Filtering Services for Malware Protection
9.3CIS 9.3: Network URL Filtering | GRCWatch
9.4CIS 9.4: Restrict Browser & Email Extensions | Compliance
9.5CIS 9.5: Implement DMARC for Email Security
9.6CIS 9.6: Block Unnecessary File Types | Email Security
9.7CIS 9.7: Email Server Anti-Malware Protections