CIS Critical Security Controls Version 8
Prioritized set of actions to protect organizations and data from known cyber attack vectors. Developed by a global community of IT experts.
Controls: 73
Total Mappings: 282
Publisher: Center for Internet Security
Version: 8
AC (6) AT (3) AU (6) CM (5) CP (4) IA (5) IR (5) MA (2) MP (3) PL (3) PT (1) RA (3) SA (7) SC (5) SI (7) SR (8)
AC Access Control
AT Awareness and Training
AU Audit and Accountability
| Control | Name | CIS Controls v8 References |
|---|---|---|
| AU-01 | Audit And Accountability Policy And Procedures | 13, 13.6, 8, 8.2 |
| AU-02 | Auditable Events | 10.3, 10.4, 10.5, 13.1, 16.7, 3.14, 4.1, 4.10 (+17 more) |
| AU-03 | Content Of Audit Records | 3.14, 8.2, 8.5 |
| AU-04 | Audit Storage Capacity | 8.10, 8.3 |
| AU-06 | Audit Monitoring, Analysis, And Reporting | 13.1, 3.14, 8.1, 8.12, 8.2, 8.3, 8.4, 8.5 (+4 more) |
| AU-11 | Audit Record Retention | 8.10 |
CM Configuration Management
| Control | Name | CIS Controls v8 References |
|---|---|---|
| CM-01 | Configuration Management Policy And Procedures | 2, 4, 4.1, 4.2 |
| CM-02 | Baseline Configuration | 10.3, 10.4, 10.5, 16.7, 4.1, 4.10, 4.2, 4.3 (+5 more) |
| CM-06 | Configuration Settings | 10.3, 10.4, 10.5, 16.7, 4.1, 4.10, 4.2, 4.3 (+5 more) |
| CM-07 | Least Functionality | 4, 4.6, 4.8 |
| CM-08 | Information System Component Inventory | 1, 1.1, 1.3, 2, 2.1, 2.2, 2.4, 6.6 |
CP Contingency Planning
IA Identification and Authentication
| Control | Name | CIS Controls v8 References |
|---|---|---|
| IA-01 | Identification And Authentication Policy And Procedures | 4.7, 5, 5.6, 6, 6.6 |
| IA-02 | User Identification And Authentication | 12.5, 5.5, 5.6, 6.7 |
| IA-03 | Device Identification And Authentication | 12.5 |
| IA-04 | Identifier Management | 12.5, 5.6, 6.6 |
| IA-05 | Authenticator Management | 4.7, 5.2 |
IR Incident Response
MA Maintenance
MP Media Protection
PL Planning
PT Personally Identifiable Information Processing and Transparency
| Control | Name | CIS Controls v8 References |
|---|---|---|
| PT-01 | Policy and Procedures | 12.2, 12.6, 16, 16.10 |
RA Risk Assessment
SA System and Services Acquisition
| Control | Name | CIS Controls v8 References |
|---|---|---|
| SA-01 | System And Services Acquisition Policy And Procedures | 15.7, 16, 16.1, 16.10, 16.11, 16.5 |
| SA-03 | Life Cycle Support | 15.7 |
| SA-04 | Acquisitions | 15, 15.2, 15.7, 16, 16.4 |
| SA-08 | Security Engineering Principles | 10.3, 10.4, 10.5, 12.2, 12.6, 16, 16.10, 16.7 (+9 more) |
| SA-09 | External Information System Services | 15.4, 15.5 |
| SA-10 | Developer Configuration Management | 16.11 |
| SA-11 | Developer Security Testing | 16.12, 16.2, 16.3 |
SC System and Communications Protection
| Control | Name | CIS Controls v8 References |
|---|---|---|
| SC-01 | System And Communications Protection Policy And Procedures | 12, 12.1, 12.2, 12.3, 12.6, 16, 16.10 |
| SC-07 | Boundary Protection | 13.5, 9.6 |
| SC-08 | Transmission Integrity | 3.10 |
| SC-13 | Use Of Cryptography | 3.10, 3.11, 3.6, 3.9 |
| SC-20 | Secure Name / Address Resolution Service (Authoritative Source) | 4.9 |
SI System and Information Integrity
| Control | Name | CIS Controls v8 References |
|---|---|---|
| SI-01 | System And Information Integrity Policy And Procedures | 12.2, 12.6, 16, 16.10 |
| SI-02 | Flaw Remediation | 10.2, 12.1, 18, 18.3, 7, 7.1, 7.3, 7.4 |
| SI-03 | Malicious Code Protection | 10, 10.1, 10.2, 10.4, 10.7, 12.1, 18, 18.3 (+4 more) |
| SI-04 | Information System Monitoring Tools And Techniques | 13, 13.1, 13.6, 3.14, 8, 8.1, 8.12, 8.2 (+7 more) |
| SI-06 | Security Functionality Verification | 18.4 |
| SI-08 | Spam Protection | 9, 9.6, 9.7 |
| SI-12 | Information Output Handling And Retention | 3.1, 3.4, 3.5 |
SR Supply Chain Risk Management
| Control | Name | CIS Controls v8 References |
|---|---|---|
| SR-01 | Policy and Procedures | 15, 15.2 |
| SR-02 | Supply Chain Risk Management Plan | 15.2 |
| SR-04 | Provenance | 16.5 |
| SR-06 | Supplier Assessments and Reviews | 15, 15.6 |
| SR-07 | Supply Chain Operations Security | 15.2 |
| SR-10 | Inspection of Systems or Components | 16.5 |
| SR-11 | Component Authenticity | 16.5 |
| SR-12 | Component Disposal | 3.5 |