The Center for Internet Security (CIS) Critical Security Controls (CSC) are a list of recommended security domains that organizations should address to prevent and mitigate the most prevalent attack vectors leveraged by adversaries. Version 8 of the CSC was released in 2021 and contains a total of 18 controls comprising 153 safeguards. Controls and Safeguards are organized into 3 maturity levels, called Implementation Groups, that help measure an organization’s security posture.
The CSC is industry agnostic but maps directly to various security standards, including FISMA, HIPAA, and PCI-DSS. Compared with most regulatory security requirements, the CIS CSC is often more streamlined, straightforward and flexible, making it ideal for building a security program.
GAI Cyber provides both consultative implementation and assessment services for the CIS CSC. Our team can help build out and mature an existing program around the CSC or provide independent assessment services to determine existing adherence to it.