The CIS Controls

Prioritized, Effective, Risk-Sized Controls

The CIS Controls are a set of best practices and guidelines that organizations can use to bolster their cybersecurity posture. Consisting of 18 controls, this framework is used by thousands of professionals to secure businesses worldwide.

The CIS 18 Controls have always been the foundation of CorpInfoTech's managed services and internal security structure.

CorpInfoTech is proud to be the first accredited assessor for the CIS Controls.

The CIS Controls Are...

Offense Informed Defense

The Controls are selected, dropped, and prioritizes based on real-world attack data and specific knowledge of attacker behavior and how to arrest it.

Focus

By avoiding “good things to do” and focusing on the most effective and critical security controls, a set of prioritized safeguards is provided that allows defenders to identify and implement the things they need to do to stop the most impactful attacks.

Feasible

Each of the prioritized safeguards contained within the Controls must be specific and practical for defenders to implement. These safeguards must be realistic for organizations to implement based on the risk exposure they have.

Measurable

Each of the Controls must be measurable. This is especially important for Safeguards that are aligned with smaller organizations or those with less sophisticated information systems in mind.

Align

The Controls must peacefully co-exist with other Governance, Regulatory, and Process management schemes. This includes key cybersecurity frameworks and structures such as those provided by National Institute of Standards and Technology (NIST), National Cloud Security Alliance ( NCSA), and similar. This includes the NIST Cyber Security Framework (NIST CSF) and Department of Defense Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0).