What Are the CIS Security Controls?
The Center for Internet Security (CIS) controls are a set of actions an organization can implement to protect data, systems, and assets from cyber attacks or cyber threats. Intended to increase an organization’s security posture, the complete list of controls, now on version eight, is a simplified series of steps that help an organization maintain compliance, be proactive in its cybersecurity, achieve cyber hygiene, and employ advanced threat protection.
These controls supplement other frameworks, such as NIST, ISO 27001, PCI, and HIPAA — and are a useful baseline to develop or assess a security program. They are designed to scale across organizations of any size, and the sequence of controls allows one to follow a foundational blueprint while gradually improving security posture and reducing exposure to risk.
The complete list includes a number of main controls and over 100 sub-controls, but the 18 main controls below are the ones every organization should implement.
The Top 18 CIS Security Controls
1. Inventory and Control of Enterprise Assets
Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments.
2. Inventory and Control of Software Assets
Actively manage all software on the network so that only authorized software is installed.
3. Data Protection
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
4. Configuration of Enterprise Assets and Software
Establish and maintain secure configuration of all assets and software.
5. Account Management
Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.
6. Access Control Management
Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software.
7. Continuous Vulnerability Management
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure to remediate, and minimize, the window of opportunity for attackers.
8. Audit Log Management
Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.
9. Email and Web Browser Protections
Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.
10. Malware Defenses
Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.
11. Data Recovery
Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.
12. Network Infrastructure Management
Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points.
13. Network Monitoring and Defenses
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.
14. Security Awareness and Skills Training
Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.
15. Service Provider Management
Develop a process to evaluate service providers who hold sensitive data or are responsible for an enterprise’s critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.
16. Application Software Security
Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.
17. Incident Response Management
Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.
18. Penetration Testing
Test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls (people, processes, and technology), and simulating the objectives and actions of an attacker.
These 18 controls cover a wide range of cybersecurity topics, all intended to help organizations manage and protect their security environment. The controls above cover identity and access management, as well as vulnerability management, user training, and post-breach best practices. It’s important for an organization to have a holistic approach that hits every pillar of a strong cybersecurity architecture, not just one or a few.
Arctic Wolf and the CIS Security Controls
Arctic Wolf’s solutions all fall under various CIS security controls and help organizations of all sizes achieve these controls efficiently and seamlessly. A strong security strategy is holistic: every aspect works together to build a secure environment and further the security journey. Arctic Wolf does just that.
Arctic Wolf® Managed Detection and Response (MDR) offers 24×7 monitoring of networks, endpoints, and cloud environments.
Arctic Wolf® Managed Risk enables organizations to discover, assess, and harden their environment against digital risks by contextualizing their attack surface coverage across networks, endpoints, and cloud environments.
Arctic Wolf Managed Security Awareness® utilizes micro-learning and relevant, engaging content to help users understand how they can defend against social engineering attacks, and how they may be targeted. This solution helps users understand their role in the overall security strategy.
Arctic Wolf® Incident Response is a trusted leader in incident response (IR), leveraging an elastic framework that enables rapid remediation of any cyber emergency at scale. With a breadth of IR capabilities, the technical depth of its incident investigators, and exceptional service provided throughout IR engagements, Arctic Wolf Incident Response helps organizations recover from cyber incidents, fast.