# 05 CIS18 and Basic Security Controls
The CIS Critical Security Controls (CIS18) are a prioritized set of cybersecurity best practices developed by the Center for Internet Security (CIS). They help organizations of all sizes defend against common and impactful cyber threats by focusing on actions that provide the most risk reduction. Each control is actionable and mapped to real-world attack scenarios.
Below are the 18 controls, with definitions and how they help secure your organization:
### 1. Inventory of Enterprise Assets
**Definition:** Maintain an accurate inventory of all devices (servers, laptops, desktops, mobile, IoT, etc.) connected to your organization's network.
**How it helps:** You can't protect what you don't know exists. An accurate inventory allows you to spot unauthorized devices and ensure all endpoints are managed and secured.

### 2. Inventory of Software Assets
**Definition:** Track and manage all authorized and unauthorized software installed on organizational systems.
**How it helps:** Reduces risk from unapproved or vulnerable software and helps prevent malware installation.
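Controls 1 and 2 both come down to the same operation: compare what is actually observed on the network or on a host against the list of what is authorized, and act on both directions of the difference (unknown items present, expected items absent). The script below is an added example written for this page, not code from the wiki or from CIS. The inventory, the discovered-device list and the installed-package list are constructed sample data standing in for a CMDB export, a DHCP lease or ARP sweep, and a package manager listing.

```python
"""Reconcile observed assets against an authorized inventory (CIS Controls 1 and 2).

Added example for this page; all data below is constructed, not real records.
"""
from dataclasses import dataclass, field

# Constructed authorized hardware inventory: MAC address -> asset name.
AUTHORIZED_DEVICES = {
    "aa:bb:cc:00:00:01": "file-server-01",
    "aa:bb:cc:00:00:02": "laptop-alice",
    "aa:bb:cc:00:00:03": "printer-floor2",
}

# Constructed software allowlist for the "workstation" profile.
AUTHORIZED_SOFTWARE = {"firefox", "libreoffice", "openssh-client", "edr-agent"}

# Constructed sample of a DHCP-lease / ARP-style discovery result.
DISCOVERED_DEVICES = [
    {"mac": "AA:BB:CC:00:00:01", "ip": "10.0.0.10"},
    {"mac": "aa:bb:cc:00:00:02", "ip": "10.0.0.23"},
    {"mac": "de:ad:be:ef:00:99", "ip": "10.0.0.77"},  # not in the inventory
]

# Constructed sample of packages found on one workstation.
INSTALLED_SOFTWARE = ["firefox", "libreoffice", "edr-agent", "torrent-client"]


@dataclass
class ReconciliationReport:
    """Both directions of the diff matter: unknown items are a rogue-asset
    signal, missing items mean the inventory (or the control agent) is stale."""
    unauthorized_devices: list = field(default_factory=list)
    missing_devices: list = field(default_factory=list)
    unauthorized_software: list = field(default_factory=list)
    missing_software: list = field(default_factory=list)

    def has_findings(self) -> bool:
        return any((self.unauthorized_devices, self.missing_devices,
                    self.unauthorized_software, self.missing_software))


def reconcile_devices(discovered, authorized):
    """Return (unauthorized, missing) MAC lists; MACs are compared case-insensitively."""
    seen = {d["mac"].lower() for d in discovered}
    known = {mac.lower() for mac in authorized}
    return sorted(seen - known), sorted(known - seen)


def reconcile_software(installed, allowlist):
    """Return (unauthorized, missing) package lists for one host."""
    present = {pkg.lower() for pkg in installed}
    wanted = {pkg.lower() for pkg in allowlist}
    return sorted(present - wanted), sorted(wanted - present)


def build_report(discovered=DISCOVERED_DEVICES, authorized=AUTHORIZED_DEVICES,
                 installed=INSTALLED_SOFTWARE, allowlist=AUTHORIZED_SOFTWARE):
    """Run both reconciliations and collect the results in one report."""
    report = ReconciliationReport()
    report.unauthorized_devices, report.missing_devices = reconcile_devices(discovered, authorized)
    report.unauthorized_software, report.missing_software = reconcile_software(installed, allowlist)
    return report


if __name__ == "__main__":
    r = build_report()
    print("Unknown devices on the network:", r.unauthorized_devices)
    print("Inventoried devices not seen:", r.missing_devices)
    print("Software outside the allowlist:", r.unauthorized_software)
    print("Required software not installed:", r.missing_software)
```

On the sample data the report flags one unknown MAC, one inventoried printer that was not seen (worth checking before assuming it is merely powered off), one package outside the allowlist, and one required agent that is absent. In practice the discovered list would come from several sources (DHCP, switch MAC tables, the EDR console) and a device that appears in only one of them is itself a finding.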
### 3. Data Protection
**Definition:** Safeguard sensitive data throughout its lifecycle: collection, storage, processing, and transmission.
**How it helps:** Protects against data breaches and unauthorized access, ensuring compliance and trust.

### 4. Secure Configurations
**Definition:** Establish and maintain secure settings for hardware and software, and eliminate default or insecure configurations.
**How it helps:** Reduces vulnerabilities and makes it harder for attackers to exploit weak configurations.

### 5. Account Management
**Definition:** Manage the lifecycle of user and service accounts: creation, use, monitoring, and deletion.
**How it helps:** Prevents unauthorized access and limits potential damage from compromised accounts.

### 6. Access Control Management
**Definition:** Limit access to systems and data based on need-to-know and least privilege principles.
**How it helps:** Reduces the chance of insider threats or misuse by ensuring users only access what they need.

### 7. Vulnerability Management
**Definition:** Identify, prioritize, and remediate software vulnerabilities in your systems on an ongoing basis.
**How it helps:** Prevents attackers from exploiting known weaknesses by ensuring timely patching and mitigation.
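The "prioritize" step of Control 7 is where most programs struggle: a scanner emits hundreds of findings, and sorting by CVSS alone ranks an isolated kiosk above an internet-facing server. The following is an added example (not code from this wiki or from CIS) of a simple risk-based ranking that weights the base score by asset criticality, internet exposure and whether exploitation is already known in the wild, and derives a remediation deadline from that. The findings, the weights and the SLA tiers are constructed assumptions for illustration; the CVE identifiers are placeholders, not real entries.

```python
"""Risk-based prioritization of vulnerability findings (CIS Control 7).

Added example for this page. Weights, SLA tiers and findings are constructed
assumptions; CVE identifiers are placeholders, not real CVEs.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str                 # placeholder identifier
    cvss: float              # CVSS base score, 0.0 to 10.0
    internet_facing: bool    # reachable from untrusted networks
    known_exploited: bool    # e.g. listed in a known-exploited catalogue
    asset_criticality: int   # 1 (low) .. 3 (business critical)


# Constructed scanner output for four hosts.
FINDINGS = [
    Finding("web-01",   "CVE-XXXX-0001", 9.8, True,  True,  3),
    Finding("hr-db-02", "CVE-XXXX-0002", 7.5, False, False, 3),
    Finding("kiosk-07", "CVE-XXXX-0003", 9.1, False, False, 1),
    Finding("build-03", "CVE-XXXX-0004", 5.3, True,  False, 2),
]


def risk_score(f: Finding) -> float:
    """Assumed weighting: base score scaled by criticality, exposure and exploitation."""
    score = f.cvss * f.asset_criticality
    if f.internet_facing:
        score *= 1.5
    if f.known_exploited:
        score *= 2.0
    return round(score, 1)


def remediation_sla_days(f: Finding) -> int:
    """Assumed SLA tiers; known-exploited issues get the shortest deadline regardless of score."""
    if f.known_exploited:
        return 3
    if f.cvss >= 9.0:
        return 7
    if f.cvss >= 7.0:
        return 30
    return 90


def prioritize(findings, today: date):
    """Return findings ranked by risk, each with its score and due date."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [
        (f.cve, f.asset, risk_score(f), today + timedelta(days=remediation_sla_days(f)))
        for f in ranked
    ]


if __name__ == "__main__":
    for cve, asset, score, due in prioritize(FINDINGS, date(2024, 1, 1)):
        print(f"{score:6.1f}  {asset:10} {cve}  due {due}")
```

With these weights the CVSS 9.1 finding on the low-value kiosk ranks last, behind a 5.3 on an exposed build server, and the known-exploited issue on the web server gets a three-day deadline. The point is not the specific numbers but that the ranking takes exposure and business impact as inputs, which is what "prioritize" in the control text means.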
### 8. Audit Log Management
**Definition:** Collect, review, and retain logs of system activity to support detection, investigation, and response.
**How it helps:** Provides crucial evidence during incidents and helps detect suspicious activity early.
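Collecting logs only pays off when someone, or something, reviews them. As an added example for Control 8 (not code from this wiki), the script below parses a handful of constructed SSH authentication log lines and applies two simple rules a SOC would recognise: a burst of failed logins from one source within a short window, and a successful login from a source that had just been failing. The log lines, the threshold and the window are constructed assumptions.

```python
"""Review authentication logs for failed-login bursts (CIS Control 8).

Added example for this page. The log sample, threshold and window are
constructed assumptions, not real data or a vendor's detection rule.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log excerpt (documentation-range source addresses).
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2024-03-01T08:00:03 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
2024-03-01T08:00:05 sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
2024-03-01T08:00:07 sshd[1201]: Failed password for root from 203.0.113.5 port 51237 ssh2
2024-03-01T08:00:09 sshd[1201]: Failed password for root from 203.0.113.5 port 51238 ssh2
2024-03-01T08:00:12 sshd[1201]: Accepted password for root from 203.0.113.5 port 51239 ssh2
2024-03-01T09:15:00 sshd[1340]: Accepted publickey for alice from 10.0.0.23 port 40000 ssh2
2024-03-01T10:00:00 sshd[1400]: Failed password for bob from 10.0.0.31 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn matching lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return (rule, source, user, timestamp) alerts.

    A sliding window of recent failures is kept per source address, so old
    failures age out and a slow trickle over hours does not trigger the rule.
    """
    alerts = []
    failures = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src = e["src"]
        # Drop failures that fell outside the window before evaluating.
        failures[src] = [t for t in failures[src] if e["ts"] - t <= window]
        if e["result"] == "Failed":
            failures[src].append(e["ts"])
            if len(failures[src]) == threshold:
                alerts.append(("brute_force", src, e["user"], e["ts"]))
        elif e["result"] == "Accepted" and len(failures[src]) >= threshold:
            # A success right after a burst of failures is the higher-severity signal.
            alerts.append(("success_after_failures", src, e["user"], e["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, src, user, ts in detect_bruteforce(parse(SAMPLE_LOG)):
        print(f"{ts}  {rule:24} src={src} user={user}")
```

Firing the burst rule only when the count reaches the threshold (not on every failure after it) keeps one attack from producing dozens of identical alerts; the second rule is the one an analyst should act on first, because it indicates the guessing may have worked. The same structure applies to any log source once the parser is swapped out.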
### 9. Email & Web Protections
**Definition:** Defend against phishing and malware by securing email systems and browser use.
**How it helps:** Reduces risk from common attack vectors like malicious links, attachments, and compromised websites.

### 10. Malware Defenses
**Definition:** Implement anti-malware tools and techniques across endpoints and systems.
**How it helps:** Detects and blocks known malware, limiting infections and their spread.

### 11. Data Recovery
**Definition:** Maintain reliable, secure, and tested backup solutions for critical data and systems.
**How it helps:** Enables recovery from ransomware, hardware failure, or accidental data loss.

### 12. Network Infrastructure Management
**Definition:** Secure and actively manage network devices (routers, switches, firewalls, etc.) and their configurations.
**How it helps:** Prevents attackers from exploiting network weaknesses and improves overall network resilience.

### 13. Network Monitoring & Defense
**Definition:** Monitor network traffic for signs of malicious activity and respond appropriately.
**How it helps:** Enables early detection of attacks, compromised systems, or policy violations.

### 14. Security Awareness Training
**Definition:** Educate users and IT staff on security best practices and current threats.
**How it helps:** Reduces human error and empowers users to recognize and report suspicious activity.

### 15. Service Provider Management
**Definition:** Assess and monitor the security of third-party service providers and vendors.
**How it helps:** Reduces supply chain risk by ensuring your partners maintain good security practices.

### 16. Application Security
**Definition:** Integrate security into the software development lifecycle (SDLC) and manage application vulnerabilities.
**How it helps:** Prevents attackers from exploiting software bugs or insecure development practices.

### 17. Incident Response Management
**Definition:** Develop and test plans for detecting, responding to, and recovering from security incidents.
**How it helps:** Enables quick and effective responses to minimize the impact of breaches or attacks.

### 18. Penetration Testing
**Definition:** Simulate attacks to identify and address vulnerabilities before real attackers find them.
**How it helps:** Validates your security controls and reveals gaps in defenses.
| # | Control Name | Purpose |
|---|---|---|
| 1 | Inventory of Enterprise Assets | Find/manage all devices |
| 2 | Inventory of Software Assets | Track/manage all software |
| 3 | Data Protection | Secure sensitive data |
| 4 | Secure Configurations | Harden systems & software |
| 5 | Account Management | Control user/service accounts |
| 6 | Access Control Management | Restrict access to least privilege |
| 7 | Vulnerability Management | Patch/remediate vulnerabilities |
| 8 | Audit Log Management | Monitor and investigate activity |
| 9 | Email & Web Protections | Block phishing/malware threats |
| 10 | Malware Defenses | Detect/block malware |
| 11 | Data Recovery | Restore from incidents |
| 12 | Network Infrastructure Management | Secure/manage network devices |
| 13 | Network Monitoring & Defense | Detect/stop network threats |
| 14 | Security Awareness Training | Educate and empower users |
| 15 | Service Provider Management | Assess vendor security |
| 16 | Application Security | Secure in-house/3rd-party apps |
| 17 | Incident Response Management | Plan and recover from incidents |
| 18 | Penetration Testing | Test and improve defenses |