Glossary

    [resources, glossary, cis-controls]

    it asset management

    CIS Controls

    What are CIS Controls?

    CIS Security Controls “are a prioritized set of Safeguards to mitigate the most prevalent cyber attacks against systems and networks,” according to the Center for Internet Security (CIS). Developed by a global IT community, CIS Controls are a prioritized set of actions and best practices trusted by security leaders in both the public and private sector.

    How many CIS Controls are there?

    CIS Controls version 8 has combined and consolidated the CIS Controls by activities. This consolidation has reduced the number of CIS controls from 20 to 18. The CIS Controls are:

    • CIS Control 1: Inventory and Control of Enterprise Assets
    • CIS Control 2: Inventory and Control of Software Assets
    • CIS Control 3: Data Protection
    • CIS Control 4: Secure Configuration of Enterprise Assets and Software
    • CIS Control 5: Account Management
    • CIS Control 6: Access Control Management
    • CIS Control 7: Continuous Vulnerability Management
    • CIS Control 8: Audit Log Management
    • CIS Control 9: Email and Web Browser Protections
    • CIS Control 10: Malware Defenses
    • CIS Control 11: Data Recovery
    • CIS Control 12: Network Infrastructure Management
    • CIS Control 13: Network Monitoring and Defense
    • CIS Control 14: Security Awareness and Skills Training
    • CIS Control 15: Service Provider Management
    • CIS Control 16: Application Software Security
    • CIS Control 17: Incident Response Management
    • CIS Control 18: Penetration Testing

    Why are CIS Controls important?

    The CIS Controls are important because they reduce the risk of data breaches, identity theft, privacy loss, and other cyber attacks.

    Learn how cybersecurity asset management from Axonius helps you maintain  all of the CIS Controls.