CIS Controls v8
Center for Internet Security Critical Security Controls - prioritized set of actions to protect organizations and data from known cyber attack vectors
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (18)
CIS 01 - Inventory and Control of Enterprise Assets
Actively manage all enterprise assets connected to the network
CIS 02 - Inventory and Control of Software Assets
Actively manage all software on the network
CIS 03 - Data Protection
Develop processes and technical controls to identify, classify, handle and dispose of data
CIS 04 - Secure Configuration
Establish and maintain secure configuration of enterprise assets and software
CIS 05 - Account Management
Use processes and tools to assign and manage authorization to credentials
CIS 06 - Access Control Management
Use processes and tools to create, assign, manage, and revoke access credentials
CIS 07 - Continuous Vulnerability Management
Develop a plan to continuously assess and track vulnerabilities
CIS 08 - Audit Log Management
Collect, alert, review, and retain audit logs of events
CIS 09 - Email and Web Browser Protections
Improve protections and detections of threats from email and web vectors
CIS 10 - Malware Defenses
Prevent or control the installation, spread, and execution of malicious applications
CIS 11 - Data Recovery
Establish and maintain data recovery practices
CIS 12 - Network Infrastructure Management
Establish and maintain the management and security of network infrastructure
CIS 13 - Network Monitoring and Defense
Operate processes and tooling to establish and maintain comprehensive network monitoring
CIS 14 - Security Awareness and Skills Training
Establish and maintain a security awareness program
CIS 15 - Service Provider Management
Develop a process to evaluate service providers
CIS 16 - Application Software Security
Manage the security life cycle of in-house developed, hosted, or acquired software
CIS 17 - Incident Response Management
Establish a program to develop and maintain an incident response capability
CIS 18 - Penetration Testing
Test effectiveness and resiliency of enterprise assets through simulated attacks
Frequently Asked Questions
What is CIS Controls v8?
CIS Controls v8 is a compliance framework from International with 18 domains and 0 controls. Center for Internet Security Critical Security Controls - prioritized set of actions to protect organizations and data from known cyber attack vectors It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does CIS Controls v8 have?
CIS Controls v8 has 0 controls organised across 18 domains. The largest domains are CIS 01 - Inventory and Control of Enterprise Assets (0 controls), CIS 02 - Inventory and Control of Software Assets (0 controls), CIS 03 - Data Protection (0 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does CIS Controls v8 map to?
CIS Controls v8 does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with CIS Controls v8 compliance?
Start your CIS Controls v8 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about CIS Controls v8 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 0 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.
Get Started Free →Free forever — no credit card required