Center for Internet Security Controls

Center for Internet Security Best Practices

In the final section of this lesson, we look at the Center for Internet Security (CIS) Cybersecurity Best Practices. The Center for Internet Security is a non-profit organization that leads a global community of IT professionals in developing security standards to safeguard against emerging threats.

Their best practices are made up of two parts:

• The Critical Security Controls, also known as the CIS CSC or CIS Controls™ which are the top 20 activities for organizational security.
• The CIS Benchmarks™ are guidelines to secure or lockdown operating systems, software, applications and networks

They are both developed by a community of cybersecurity professionals from many different areas with the goal of establishing a form of a checklist of activities as organizations mature their cybersecurity programs.

The CIS Controls™ is separated into three functional areas that the CIS calls Implementation Groups:

• Basic Controls
• Foundational Controls
• Organizational Controls

Further research

• CIS Best Practices: https://www.cisecurity.org/cybersecurity-best-practices/
• CIS Controls List: https://www.cisecurity.org/controls/cis-controls-list/