CIS v.8.1

Uploaded by

Álvaro MT

CIS Critical Security Controls Version 8.1
27.06.2024 www.patreon.com/AndreyProzorov

Intro
The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.

What's new? (June 2024)
1. Alignment with NIST CSF 2.0
2. Reviewed Glossary
3. Revised asset classes
4. Fixed minor typos in Safeguard descriptions
5. Added clarification to a few anemic Safeguard descriptions
6. New “Governance” security function

Structure
Overview: A brief description of the intent of the Control and its utility as a defensive action
Why is this Control critical?: A description of the importance of this Control in blocking, mitigating, or identifying attacks, and an explanation of how attackers actively exploit the absence of this Control
Procedures and tools: A more technical description of the processes and technologies that enable implementation and automation of this Control
Safeguard descriptions: A table of the specific actions that enterprises should take to implement the Control

Controls
Control 1: Inventory and Control of Enterprise Assets
Control 2: Inventory and Control of Software Assets
Control 3: Data Protection
Control 4: Secure Configuration of Enterprise Assets and Software
Control 5: Account Management
Control 6: Access Control Management
Control 7: Continuous Vulnerability Management
Control 8: Audit Log Management
Control 9: Email and Web Browser Protections
Control 10: Malware Defenses
Control 11: Data Recovery
Control 12: Network Infrastructure Management
Control 13: Network Monitoring and Defense
Control 14: Security Awareness and Skills Training
Control 15: Service Provider Management
Control 16: Application Software Security
Control 17: Incident Response Management
Control 18: Penetration Testing

Asset Classes
Devices
Software
Data
Users
Network
Documentation

Additional Security Function
Govern
Identify
Protect
Detect
Respond
Recover

Implementation Groups (IGs)
IG1 ("essential cyber hygiene"): An IG1 enterprise is small to medium-sized with limited IT and cybersecurity expertise to dedicate toward protecting IT assets and personnel.
IG2: An IG2 enterprise employs individuals responsible for managing and protecting IT infrastructure
IG3: An IG3 enterprise employs security experts that specialize in the different facets of cybersecurity (e.g., risk management, penetration testing, application security)
