the CIS Controls

CIS (Center for Internet Security) Controls - ManageEngine

The CIS Controls structure

The latest version of the CIS Controls, version 8, is comprised of a set of 18 cyberdefense recommendations, or Controls. Version 8, an extension of version 7, consists of Implementation Groups (IGs). IGs are the new recommended guidance for prioritizing the implementation of the Controls.

In an effort to assist enterprises of every size, IGs are divided into three groups. They are based on the risk profile of an enterprise and the resources available to the organization to implement the CIS Controls.

Each IG identifies a set of Safeguards (previously referred to as CIS Sub-Controls) that the enterprise needs to implement to mitigate the most prevalent cyberattacks against systems and networks. There are a total of 153 Safeguards in CIS Controls Version 8. Every enterprise should start with IG1. IG2 builds upon IG1, and IG3 is comprised of all the Controls and Safeguards.

The CIS Controls are not a one-size-fits-all solution; based on your organization’s cybersecurity maturity, you can plan and prioritize the implementation of various Controls.

Implementation Group 1 (IG1)

IG1 focuses on basic cyberhygiene. It is comprised of the foundational set of cyberdefense Safeguards that every enterprise should apply to guard against the most common attacks. Small to medium-sized organizations with limited cybersecurity expertise and low-sensitivity data will need to implement the cyberdefense Safeguards that typically fall under the IG1 category.

Implementation Group 2 (IG2)

Organizations with moderate resources and greater risk exposure from handling more sensitive assets and data will need to implement the IG2 Controls along with IG1. These Controls focus on helping security teams manage sensitive client or company information.

Implementation Group 3 (IG3)

Mature organizations with significant resources and high risk exposure from handling critical assets and data need to implement the Safeguards under the IG3 category along with IG1 and IG2. Safeguards selected for IG3 abate targeted attacks from sophisticated adversaries and reduce the impact of zero-day attacks.

Implement the CIS Controls with
ManageEngine solutions

ManageEngine's suite of IT management solutions can help you meet the discrete CIS Control requirements and, in turn, help your organization in carefully planning and developing a best-in-class security program to achieve better cyberhygiene.

Control 1: Inventory and Control of Enterprise Assets
Control 2: Inventory and Control of Software Assets
Control 3: Data Protection
Control 4: Secure Configuration of Enterprise Assets and Software
Control 5: Account Management
Control 6: Access Control Management
Control 7: Continuous Vulnerability Management
Control 8: Audit Log Management
Control 9: Email and Web Browser Protections
Control 10: Malware Defenses
Control 11: Data Recovery
Control 12: Network Infrastructure Management
Control 13: Network Monitoring and Defense
Control 14: Security Awareness and Skills Training
Control 15: Service Provider Management
Control 16: Application Software Security
Control 17: Incident Response Management
Control 18: Penetration Testing

Dive into the details

Download this guide to take a closer look at how ManageEngine products will help you with the CIS Controls implementation process.

Name* Please enter the name
Business email* Please enter the valid email
Phone number

By clicking "Download now," you agree to the processing of personal data according to our Privacy Policy.

Disclaimer: The complete implementation of the CIS Controls® (developed by the Center of Internet Security) requires a variety of solutions, processes, people, and technologies. The solutions mentioned above are some of the ways in which IT management tools can help with the CIS Control requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine's solutions help implement the CIS Controls. This material is provided for informational purposes only, and should not be considered as legal advice for the CIS Controls implementation. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.

X success
Download guideInquire now