CIS Critical Security Controls (CSC)
What are the Critical Security Controls?
The CIS Critical Security Controls (CIS Controls) is a collection of prioritized cybersecurity best practices, originally developed by the SANS Institute in 2008 and now maintained by the Center for Internet Security. The CIS Controls are updated through an informal community process to ensure that it continues to align with the most effective security controls and the most relevant cyber attacks.
Who is the intended audience?
The CIS Critical Security Controls are intended for organizations of all sizes that are looking for a prioritized approach to defending their organization against cyber attacks. It is a voluntary framework and is not a replacement for any industry standards, regulatory frameworks, or other legal obligations.
Where can I find more information?
The CIS Critical Security Controls can be downloaded from the Center for Internet Security website.
How can runZero help me with these controls?
The following illustrates how runZero aligns with the CIS Critical Security Controls v8. Where Strong alignment is noted, runZero can play a significant role in helping an organization implement safeguards. Where Partial alignment is noted, runZero can play a complementary role in helping an organization implement safeguards.
|No||Control||Strong alignment||Partial alignment|
|01||Inventory and Control of Enterprise Assets||✔|
|02||Inventory and Control of Software Assets||✔|
|04||Secure Configuration of Enterprise Assets and Software||✔|
|06||Access Control Management|
|07||Continuous Vulnerability Management||✔|
|08||Audit Log Management|
|09||Email and Web Server Protection|
|12||Network Infrastructure Management||✔|
|13||Network Monitoring and Defense|
|14||Security Awareness and Skills Training|
|15||Service Provider Management|
|16||Application Software Security|
|17||Incident Response Management|