Center for Internet Security Controls
A prioritized set of cybersecurity best practices and defensive actions. CIS Controls v8 provides 18 control categories with 153 safeguards mapped to implementation groups.
CIS Controls are organized into three Implementation Groups (IGs) based on organizational size and risk profile. IG1 defines essential cyber hygiene, while IG2 and IG3 add controls for more complex environments.
Inventory of enterprise and software assets, data protection, secure configuration, account management, and access control.
Email and web browser protections, malware defenses, data recovery, network infrastructure management, and security awareness.
Application software security, incident response management, penetration testing, and security service provider management.
Determine your appropriate IG level and get a prioritized roadmap of controls to implement based on your risk profile.
Map your existing security controls to CIS Safeguards, identifying which of the 153 safeguards you already satisfy.
See how CIS Controls map to SOC 2, ISO 27001, and NIST CSF, reducing duplicate effort across compliance programs.
Other Frameworks
Upload your policies, connect your systems, and let iQ Pulse map your controls to CIS requirements automatically. Audit-ready in weeks, not months.