CIS Critical Security Controls (CSC)

What are the Critical Security Controls?

The CIS Critical Security Controls (CIS Controls) are a collection of prioritized cybersecurity best practices, originally developed by the SANS Institute in 2008 and now maintained by the Center for Internet Security. The CIS Controls are updated through an informal community process to ensure that they continue to align with the most effective security controls and the most relevant cyber attacks.

Who is the intended audience?

The CIS Critical Security Controls are intended for organizations of all sizes that are looking for a prioritized approach to defending themselves against cyber attacks. The CIS Controls are a voluntary framework and are not a replacement for any industry standards, regulatory frameworks, or other legal obligations.

Where can I find more information?

The CIS Critical Security Controls can be downloaded from the Center for Internet Security website.

How can runZero help me with these controls?

The following illustrates how runZero aligns with the CIS Critical Security Controls v8. Where Strong alignment is noted, runZero can play a significant role in helping an organization implement safeguards. Where Partial alignment is noted, runZero can play a complementary role in helping an organization implement safeguards.

No Control Strong alignment Partial alignment
01 Inventory and Control of Enterprise Assets
02 Inventory and Control of Software Assets
03 Data Protection
04 Secure Configuration of Enterprise Assets and Software
05 Account Management
06 Access Control Management
07 Continuous Vulnerability Management
08 Audit Log Management
09 Email and Web Server Protection
10 Malware Defenses
11 Data Recovery
12 Network Infrastructure Management
13 Network Monitoring and Defense
14 Security Awareness and Skills Training
15 Service Provider Management
16 Application Software Security
17 Incident Response Management
18 Penetration Testing