CIS Critical Security Controls (CSC)

What are the Critical Security Controls?

The CIS Critical Security Controls (CIS Controls) are a collection of prioritized cybersecurity best practices, originally developed by the SANS Institute in 2008 and now maintained by the Center for Internet Security. The CIS Controls are updated through an informal community process to ensure that they continue to align with the most effective security controls and the most relevant cyber attacks.

Who is the intended audience?

The CIS Critical Security Controls are intended for organizations of all sizes that are looking for a prioritized approach to defending themselves against cyber attacks. They are a voluntary framework and are not a replacement for any industry standards, regulatory frameworks, or other legal obligations.

Where can I find more information?

The CIS Critical Security Controls can be downloaded from the Center for Internet Security website.

How can runZero help me with these controls?

The following illustrates how runZero aligns with the CIS Critical Security Controls v8. Where strong alignment is noted, runZero can play a significant role in helping an organization implement the control's safeguards. Where partial alignment is noted, runZero can play a complementary role in helping an organization implement those safeguards.

No. | Control | Strong alignment | Partial alignment
01 Inventory and Control of Enterprise Assets ✔
02 Inventory and Control of Software Assets ✔
03 Data Protection
04 Secure Configuration of Enterprise Assets and Software ✔
05 Account Management
06 Access Control Management
07 Continuous Vulnerability Management ✔
08 Audit Log Management
09 Email and Web Server Protection
10 Malware Defenses ✔
11 Data Recovery
12 Network Infrastructure Management ✔
13 Network Monitoring and Defense
14 Security Awareness and Skills Training
15 Service Provider Management
16 Application Software Security
17 Incident Response Management
18 Penetration Testing