Implementing the CIS Controls


What are the CIS Controls®?

Developed by the Center for Internet Security®, the CIS Critical Security Controls are a prescriptive, prioritized set of cybersecurity best practices and defensive actions that can help prevent the most pervasive and dangerous attacks, and support compliance in a multi-framework era. These actionable best practices for cyberdefense are formulated by a group of IT experts using the information gathered from actual attacks and their effective defenses. The CIS Controls provide specific guidance and a clear pathway for organizations to achieve the goals and objectives described by multiple legal, regulatory, and policy frameworks.

The CIS Controls Implementation Groups

In addition to the basic, foundational, and organizational controls, in the latest version of the CIS Controls, V7.1, the controls are prioritized into Implementation Groups (IGs). Each IG identifies which Sub-Controls are reasonable for an organization to implement based on their risk profile and their available resources.

Organizations are encouraged to self-assess and classify themselves as belonging to one of three IGs to prioritize the CIS Controls for a better cybersecurity posture. Organizations should start by implementing the Sub-Controls in IG1, followed by IG2 and then IG3. Implementation of IG1 should be considered among the very first things to be done as part of a cybersecurity program. CIS refers to IG1 as “Cyber Hygiene”—the essential protections that must be put in place to defend against common attacks.

Implementation Group 1 (IG1)

Organizations with limited resources where the sensitivity of data is low will need to implement the Sub-Controls that typically fall into the IG1 category.

Implementation Group 2 (IG2)

Organizations with moderate resources and greater risk exposure for handling more sensitive assets and data will need to implement the IG2 controls along with IG1. These Sub-Controls focus on helping security teams manage sensitive client or company information.

Implementation Group 3 (IG3)

Mature organizations with significant resources and high risk exposure for handling critical assets and data need to implement the Sub-Controls under the IG3 category along with IG1 and IG2. The Sub-Controls that help reduce the impact of targeted attacks from sophisticated adversaries typically fall into IG3.

Download our CIS Controls solution guide to learn more about Implementation Group Sub-Control mapping.

Implement the CIS Controls with ManageEngine solutions

ManageEngine's suite of IT management solutions can help you meet the discrete CIS Control requirements, and in turn aid your organization in carefully planning and developing a best-in-class security program to achieve better cyberhygiene.

  • Basic CIS Controls
  • Foundational CIS Controls
  • Organizational CIS Controls

Basic CIS Controls

Control 1: Inventory and Control of Hardware Assets
Control 2: Inventory and Control of Software Assets
Control 3: Continuous Vulnerability Management
Control 4: Controlled Use of Administrative Privileges
Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

Foundational CIS Controls

Control 7: Email and Web Browser Protections
Control 8: Malware Defenses
Control 9: Limitation and Control of Network Ports, Protocols, and Services
Control 10: Data Recovery Capabilities
Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
Control 12: Boundary Defense
Control 13: Data Protection
Control 14: Controlled Access Based on the Need to Know
Control 15: Wireless Access Control
Control 16: Account Monitoring and Control

Organizational CIS Controls

Control 17: Implement a Security Awareness and Training Program
Control 18: Application Software Security
Control 19: Incident Response and Management
Control 20: Penetration Tests and Red Team Exercises

Dive into the details

Download this guide to take a closer look at how ManageEngine products will help you implement the CIS Controls in your organization.


Disclaimer: The complete implementation of the CIS Controls® (developed by the Center for Internet Security) requires a variety of solutions, processes, people, and technologies. The solutions mentioned above are some of the ways in which IT management tools can help with the CIS Control requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine's solutions help implement the CIS Controls. This material is provided for informational purposes only, and should not be considered as legal advice for the CIS Controls implementation. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.
