The CIS Critical Security Controls are a globally recognised, prioritised set of safeguards. Run a free external scan to see how your public-facing posture maps to CIS v8.
Scan your site free →The CIS Critical Security Controls (CIS Controls v8) are a prioritised set of 18 controls maintained by the Center for Internet Security. They distil the most effective defensive actions into a manageable, ordered roadmap used by organisations worldwide.
v8 introduces Implementation Groups (IG1–IG3) so organisations can right-size adoption. IG1 is essential cyber hygiene for every organisation; IG2 and IG3 add depth for those handling more sensitive data or facing more capable adversaries.
Actively manage all enterprise assets and software so only authorised items connect and run.
Identify, classify and protect data with encryption in transit and at rest.
Establish and maintain secure baselines for hardware, software and services.
Manage the lifecycle and privileges of accounts, and enforce least privilege and MFA.
Continuously assess and remediate vulnerabilities to shrink the attack surface.
Reduce the attack surface of email and browsers, the most common entry points.
Prevent or control the installation and execution of malicious software.
Collect, review and retain logs to detect and investigate attacks.
Our free scanner assesses the externally observable safeguards — TLS configuration, security headers, email authentication (SPF/DKIM/DMARC) and exposed services — that map to CIS Controls such as data protection, secure configuration and email/web protections.
The CIS Controls are a best-practice framework rather than a regulation, but they map to many standards (NIST CSF, ISO 27001, PCI DSS) and are widely used to prioritise a security programme.
Implementation Groups (IG1–IG3) let organisations adopt the controls in proportion to their risk and resources. IG1 is the essential cyber-hygiene baseline every organisation should meet.
No. Many CIS Controls are internal or procedural. This external scan grades the internet-facing safeguards; use it alongside a full CIS assessment for complete coverage.