CIS Critical Controls

SANS Critical Security Controls

Critical Security Controls for Effective Cyber Defense

The Critical Security Controls are a relatively small number of prioritized, well-vetted, and supported set of security actions that organizations can take to assess and improve their current security state.

Organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent. “Implementing all 20 CIS Controls increases the risk reduction to around 94 percent”.

Click here for the 20 controls

Click here detail on Step 1: Inventory of Authorised and Unauthorised devices.

  • Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorised devices are given access, and unauthorised and unmanaged devices are found and prevented from gaining access.
  • Record at least the network MAC addresses, machine name(s), purpose of each system, an asset owner responsible for each device plus department associated with each device. The inventory should include every system that has an Internet protocol (IP) address on the network, including, but not limited to desktops, laptops, tablets, phones, servers, routers, waps, switches, firewalls, cameras, printers, storage area networks, voiceover-IP telephones, virtual addresses, etc.

Click here for a pdf of the 20 critical controls that also identifies the Quick Wins

CLick Here for the SANS  poster of the 20 controls