CIS v8.1 Safeguards (Sub-Controls)
3.1 - Establish and Maintain Inventory of Enterprise Assets
3.3 - Manage Assets
5.1 - Establish and Maintain a Secure Configuration Process
5.3 - Securely Configure Enterprise Assets and Software
8.1 - Establish and Maintain a Vulnerability Management Process
9.2 - Deploy and Maintain Anti-Malware Software
10.8 - Perform and Test Data Backups
15.1 - Develop an Incident Response Plan
3.4 - Manage Sensitive Assets
4.1 - Establish and Maintain a Secure Access Control Policy and Procedures
4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts
6.3 - Implement and Manage Network Segmentation
7.1 - Establish and Maintain a Data Management Process
7.2 - Implement and Enforce Data Retention
7.3 - Implement Data Loss Prevention (DLP)
12.5 - Enforce Encryption of Data-at-Rest
12.6 - Enforce Encryption of Data-in-Transit
4.3 - Manage Privileged Access
4.4 - Manage Service Accounts
4.6 - Manage External Accounts
14.5 - Establish and Maintain an Audit Log Review and Analysis Process
16.1 - Conduct Security Awareness and Skills Training
3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets
13.1 - Establish and Maintain a Security Awareness Program
18.1 - Establish and Maintain a Penetration Testing Program
19.1 - Establish and Maintain an Incident Response Plan
20.1 - Establish and Maintain a Business Continuity Plan
16.2 - Train Workforce Members on Social Engineering Attacks
19.8 - Perform Post-Incident Reviews
1.1 - Establish and Maintain Enterprise Governance
1.2 - Establish and Maintain Enterprise Security Policies
1.3 - Establish and Maintain Enterprise Agreements
2.1 - Establish and Maintain an Inventory of Authorized Software
10.9 - Perform Off-Site Backups
10.10 - Securely Store Backups
11.1 - Implement and Manage Email Protections
17.1 - Implement Physical Access Controls
17.2 - Monitor Physical Environment
6.1 - Establish and Maintain a Baseline Configuration of Network Devices
6.4 - Implement and Manage Network Infrastructure Device Hardening
6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques
14.1 - Establish and Maintain a Security Logging and Monitoring Process
8.2 - Remediate Vulnerabilities Based on Risk
8.3 - Verify Application of Security Patches
3.2 - Utilize an Automated Asset Discovery Tool
13.5 - Manage Supplier Access
13.6 - Monitor Supplier Security
3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely
4.5 - Manage Mobile Devices
5.4 - Securely Configure Cloud Infrastructure
5.5 - Securely Configure Cloud Workloads
6.2 - Establish and Maintain a Baseline Configuration of Endpoints
4.7 - Enforce Account Password Requirements
4.8 - Enforce Multi-Factor Authentication for All Users
16.4 - Establish and Maintain a Role-Based Security Training Program
16.5 - Conduct Skills Gap Assessments
17.3 - Plan and Implement Environmental Protections
5.6 - Securely Configure Industrial Control Systems (ICS)
6.6 - Implement and Manage Network Segmentation for ICS
1.5 - Conduct Periodic Security Risk Assessments
14.7 - Conduct Security Controls Testing and Validation
15.4 - Establish and Maintain a Security Architecture
1.4 - Establish and Maintain a Threat Intelligence Program
2.2 - Utilize Standard Security Configurations for Enterprise Software and Hardware
8.4 - Perform Application Security Testing
12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)
9.1 - Establish and Maintain a Software Allow List
11.2 - Implement and Manage Web Browser Protections
6.7 - Implement and Manage Domain Name System (DNS) Security
12.7 - Plan and Implement Cryptographic Key Management
7.4 - Securely Dispose of Assets
12.2 - Secure Software via Secure Coding Practices
6.8 - Secure Wireless Access Points
4.9 - Manage Access to Enterprise Applications
11.3 - Implement and Manage Endpoint Protections
"12.6 - Enforce Encryption of Data-in-Transit
66,Insufficient Data Encryption"""
14.2 - Integrate Threat Intelligence into Security Monitoring
14.3 - Establish and Maintain Alerting and Escalation Processes
19.2 - Establish and Maintain an Incident Response Team
19.3 - Develop and Conduct Incident Response Exercises
5.2 - Implement and Manage a Change Management Process
5.7 - Securely Configure Containers
12.3 - Manage Credentials
16.3 - Establish and Maintain a Security Skills Development Program
9.3 - Implement and Manage Endpoint Detection and Response (EDR)
13.3 - Implement and Manage Secure Software Supply Chain Practices
12.4 - Implement and Manage Security for Software Applications
13.4 - Implement and Manage Secure Hardware Supply Chain Practices