Center for Internet Security
Introduction
Last Updated: April 18, 2022
The Center for Internet Security (CIS) is a nonprofit organization created in 2000 to protect people and organizations from cyber threats. It sets standards to safeguard systems and networks from data theft. Any organization that is looking to secure its systems and networks may implement the CIS framework. CIS provides set standards to prevent IT...
Control 3
Last Updated: April 18, 2022
Data Protection
Data privacy has become increasingly important, and organizations are learning that privacy is not just encryption; it is about proper use and management of data. Data must be appropriately managed through its entire life cycle. This control helps develop controls and processes to identify, classify, securely handle, retain, and dispose of data. The safeguard...
Control 4
Last Updated: April 18, 2022
Secure Configuration of Enterprise Assets and Software
This control helps maintain the secure configuration of enterprise assets and software over their life cycle. Configuration should be managed continually to avoid degrading security. The safeguard measures for control 4 broadly deal with topics like 1. Secure configuration process 2. Firewall implementation and...
Control 6
Last Updated: April 18, 2022
Access Control Management
This control deals with managing what access accounts have. It ensures that users only get access to the data or enterprise assets that are appropriate for their job role, and that there is strong authentication for critical or sensitive enterprise data. This limits the risk to enterprise assets and data. The...
Control 7
Last Updated: April 18, 2022
Continuous Vulnerability Management
This control provides for continuous assessment and tracking of vulnerabilities on all enterprise assets so that they can be remediated, minimizing attackers' opportunity to access enterprise assets and data. The safeguard measures for control 7 broadly deal with topics like:
1. Vulnerability management and remediation process
2. System and application patch management process
Control 8
Last Updated: April 18, 2022
Audit Log Management
There are two types of logs that are treated and often configured independently: system logs and audit logs. Audit logs include user-level events, such as when a user logged in or accessed a file. The safeguard measures for control 8 discuss the aspects of the audit management process, including audit log,...
Control 11
Last Updated: April 18, 2022
Data Recovery
This control involves data recovery practices sufficient to restore in-scope enterprise assets. The safeguard measures for control 11 broadly deal with topics like:
1. Data recovery process
2. Data backup
3. Test of data recovery
Control 14
Last Updated: April 18, 2022
Security Awareness and Skills Training
This control involves maintaining a security awareness program in order to influence employees to be security conscious and properly skilled. This helps reduce cybersecurity risks to the organization. The safeguard measures for control 14 broadly deal with topics like 1. Security awareness program 2. Train work force in authentication and...
Control 15
Last Updated: April 18, 2022
Service Provider Management
Third-party breaches affect organizations significantly. Data security and privacy regulation protections should be extended to third-party service providers to prevent such incidents. The safeguard measures for control 14 broadly deal with topics like:
1. Service provider information management
2. Service provider policy management
3. Classification, assessment and monitoring of service providers
Control 16
Last Updated: April 18, 2022
Application Software Security
This control involves managing the security life cycle of in-house developed, hosted, or acquired software in order to prevent, detect, and remediate security weaknesses before they can impact the enterprise. The safeguard measures for control 16 are as follows: 1. Software application management process 2. Software and security vulnerabilities. 3. Root cause analysis of...
Control 17
Last Updated: April 18, 2022
Incident Response Management
This control provides high-priority steps that help improve enterprise security, and it should be a part of a comprehensive incident and response plan. The safeguard measures for control 17 broadly deal with topics like:
1. Incident management system
2. Reporting facility for incident
3. Incident response map
Control 18
Last Updated: April 18, 2022
Penetration Testing
This control involves identifying and exploiting weaknesses of controls to check the effectiveness and resilience of enterprise assets. The safeguard measures for control 18 discuss the penetration testing and management process.
Download the Framework
Last Updated: April 18, 2022
CIS Controls Checklist Reference CIS Controls Version 8