CIS Critical Security Controls


The Center for Internet Security (CIS) exists to make the connected world a safer place by developing, validating and promoting timely best-practice solutions that help people, businesses and governments protect themselves against pervasive cyber threats.

CIS is a community-driven, non-profit organisation responsible for the CIS Controls and the CIS Benchmarks, both of which are globally recognised best practices for securing IT systems and data.

CIS leads a global community of IT security professionals with the goal of continuously evolving these standards, and provides products and services that help organisations proactively safeguard against emerging threats.

What Are CIS Controls?

Organisational CIS Controls

  • Implement a security awareness and training program
  • Application software security
  • Incident response and management
  • Penetration testing and red team exercises

Security Best Practice

The CIS Controls are a prescriptive, prioritised and simplified set of cyber security best practices that together form the core of an efficient cyber security programme. Built by a community of practitioners, they provide specific, actionable ways to thwart the most pervasive types of cyber attack, and they consist of high-priority, highly effective defensive actions that give every enterprise a starting point for improving its cyber defence. The grouping used on this page (Basic, Foundational and Organisational controls) is the 20-control structure of CIS Controls version 7; version 8 consolidates these into 18 controls and groups their safeguards by Implementation Group (IG1 to IG3) instead, so check which version a given mapping or audit refers to.

A Point for Action

The CIS Controls are not a replacement for any existing regulatory, compliance or authorisation scheme. They map to most major frameworks, such as the NIST Cybersecurity Framework, NIST SP 800-53 and the ISO 27000 series, and to regulations such as PCI DSS, HIPAA, NERC CIP and FISMA. CIS publishes these mappings so that an organisation already working towards one of those schemes has a concrete starting point for action.

Basic CIS Controls

  • Inventory and control of hardware assets
  • Inventory and control of software assets
  • Continuous vulnerability management
  • Controlled use of administrative privileges
  • Secure configuration for hardware and software on mobile devices, laptops, workstations and servers
  • Maintenance, monitoring and analysis of audit logs

Foundational CIS Controls

  • Email and web browser protections
  • Malware defences
  • Limitation and control of network ports, protocols and services
  • Data recovery capabilities
  • Secure configuration for network devices, such as firewalls, routers and switches
  • Boundary defence
  • Data protection
  • Controlled access based on the need to know
  • Wireless access control
  • Account monitoring and control

CIS Controls for Effective Cyber Security

The CIS Critical Security Controls were designed to help organisations rapidly define the starting point for their defences. They let an organisation direct its scarce resources towards actions with an immediate, high-value payoff, and then focus remaining attention and budget on the additional risks that are unique to its business or mission.

CISOs, IT security experts and compliance auditors use the CIS Critical Security Controls to:

  • Leverage the expertise of the global IT community to defend against cyber attacks
  • Focus security resources based on proven best practices, not on any one vendor’s solution
  • Help organisations on the path to GDPR compliance
  • Map against popular industry frameworks and regulations

What are CIS Benchmarks?

CIS Benchmarks are consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments and more. There are more than 140 CIS Benchmarks covering more than 14 technology groups. Each Benchmark is a list of individual recommendations, typically divided into a Level 1 profile (baseline settings with little operational impact) and a Level 2 profile (defence-in-depth settings that may reduce functionality), and each recommendation is mapped, where applicable, to the CIS Critical Security Controls.
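To make the Benchmark idea concrete, the following is an added example of the kind of automated configuration check a Benchmark recommendation turns into; it is not code from CIS or from Bridewell, and the six checks it runs are illustrative hardening settings for an OpenSSH server chosen for this example rather than quotations of any particular Benchmark recommendation or recommendation number. The two configuration files it audits are constructed samples. It also handles an edge case that hand-written checks often get wrong: sshd applies the first value it reads for a keyword, so a later, stricter duplicate does not take effect.

```python
"""Illustrative CIS Benchmark-style audit of an OpenSSH server configuration.

Added example (not CIS or Bridewell code).  The check list below is an
assumption made for this example, not a quotation of any specific
Benchmark recommendation.
"""
from dataclasses import dataclass

# Constructed sample: a weak configuration.  The duplicate PermitRootLogin
# lines are deliberate; sshd honours the FIRST value ('yes'), so the later
# 'no' is ignored and the audit must report a failure.
WEAK_SSHD_CONFIG = """\
# OpenSSH server configuration (constructed sample)
Port 22
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries 4
LogLevel INFO
# PermitEmptyPasswords is unset here and falls back to its default
"""

# Constructed sample: the same file after hardening.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 4
LogLevel VERBOSE
"""

# Defaults sshd uses when a keyword is absent (as documented in sshd_config(5)).
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
    "loglevel": "INFO",
}


def parse_sshd_config(text):
    """Return {keyword_lower: effective_value} for an sshd_config-style text.

    Follows sshd's own rules: keywords are case-insensitive, '#' starts a
    comment, 'Keyword value' and 'Keyword=value' are both accepted, and the
    first value set for a keyword wins.  Directives after a 'Match' line
    apply only conditionally, so parsing stops there.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break
        effective.setdefault(keyword, value)   # first occurrence wins
    return effective


@dataclass
class CheckResult:
    check: str
    passed: bool
    observed: str


def _int_at_most(limit):
    def predicate(value):
        try:
            return int(value) <= limit
        except ValueError:
            return False
    return predicate


# (description, sshd keyword, predicate on the effective value)
CHECKS = [
    ("PermitRootLogin is 'no'", "permitrootlogin", lambda v: v.lower() == "no"),
    ("PasswordAuthentication is 'no'", "passwordauthentication", lambda v: v.lower() == "no"),
    ("PermitEmptyPasswords is 'no'", "permitemptypasswords", lambda v: v.lower() == "no"),
    ("X11Forwarding is 'no'", "x11forwarding", lambda v: v.lower() == "no"),
    ("MaxAuthTries is 4 or less", "maxauthtries", _int_at_most(4)),
    ("LogLevel is INFO or VERBOSE", "loglevel", lambda v: v.upper() in ("INFO", "VERBOSE")),
]


def audit_sshd_config(text):
    """Evaluate every check against the effective configuration."""
    effective = parse_sshd_config(text)
    results = []
    for description, keyword, predicate in CHECKS:
        observed = effective.get(keyword, SSHD_DEFAULTS.get(keyword, ""))
        results.append(CheckResult(description, predicate(observed), observed))
    return results


def failed_checks(results):
    """Names of the checks that did not pass."""
    return [r.check for r in results if not r.passed]


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"== {label} configuration ==")
        for r in audit_sshd_config(cfg):
            print(f"[{'PASS' if r.passed else 'FAIL'}] {r.check} (observed: {r.observed!r})")
```

On the weak sample the audit reports two failures (root login and password authentication), even though a `PermitRootLogin no` line is present, because the earlier `permitrootlogin yes` is the value sshd actually uses; on the hardened sample every check passes. A real Benchmark assessment tool works the same way, reading the effective configuration rather than grepping for the presence of a line, and the checks are run against the running system, not just the file on disk.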

Bridewell Consulting’s experienced and certified consultants can provide various levels of support, help and training to organisations looking to step up their cyber security defence. Our team of dedicated professional cyber security consultants can work with you to ensure that your organisation is aligned with these CIS best practices.

Ready to Take the Next Step?

We’re here to help. To speak with our team and learn more about how Bridewell can benefit your organisation, get in touch and one of our experts will contact you.
