CIS (Center for Internet Security)

The CIS Controls are a prioritized, consensus-driven set of 18 critical safeguards accompanied by detailed sub-controls, maintained by the Center for Internet Security. Grouped into Implementation Groups for different organizational maturity levels, they offer a prescriptive, task-based guide to inventorying and securing assets, managing vulnerabilities, controlling access, and monitoring systems. Small and midsize enterprises, as well as larger organizations, implement CIS Controls when they want to achieve quick, high-impact defenses and establish a strong security baseline. Unlike the high-level risk management of NIST CSF or the formal ISMS requirements of ISO 27001, CIS Controls focus on actionable, technical steps. They do not carry certification processes like ISO 27001 or the regulatory mandate of PCI DSS, but they map easily to both and to COBIT’s governance objectives.
