The CIS Critical Security Controls are designed to move an organization's Cyber Security posture from an unknown or low maturity into a defensible position. They also ensure commonly overlooked protections are identified and completed. The CIS Controls are a base level of security required for any organizations, referred to as the "low water mark" or the minimum controls to ensure due diligence through cyber security assurance. The Implementation Groups are a prioritized plan for reducing cyber risks.
More than just implementation, the Controls focus on assurance through implementation, measurement, automation, and reporting.
This poster, created by SANS Instructor and Author Brian Ventura, supports content taught in depth via SANS SEC566: Implementing and Auditing CIS Controls.