CIS Critical Security Controls v8.1
Crosswalk to NIST CSF 2.0 · 171 controls · Updated April 2026.
CIS Critical Security Controls v8.1 is a prescriptive list of 18 Controls broken into 171 safeguards across three Implementation Groups (IG1/IG2/IG3). It is the most actionable compliance framework available — controls are written as things to do, not principles to follow.
About CIS v8.1
CIS Controls v8.1 (released June 2024) retains the 18 Controls structure from v8 and refines the 153 safeguards into a more comprehensive list of 171 — still organized into Implementation Groups that map to organizational maturity. IG1 is the minimum viable baseline for every organization; IG2 adds controls for organizations with moderate resources; IG3 covers mature enterprises.
SecurityStack maps CIS v8.1 safeguards to NIST CSF 2.0 categories through the crosswalk below. The mapping density is highest in PROTECT and DETECT, reflecting the framework's prescriptive posture around configuration, hardening, and telemetry.
Primary audience: SMB and mid-market security teams that want a prescriptive, prioritized control list without the governance overhead of a full framework.
Controls by Control
171 controls across 19 groups. Mapping strengths to NIST CSF 2.0 categories are summarized below.
CIS Controls v8.1 (18 controls)
| Control ID | Name |
|---|---|
| CIS-1 | CIS Control 1: Inventory and Control of Enterprise Assets (5 safeguards) |
| CIS-10 | CIS Control 10: Malware Defenses (7 safeguards) |
| CIS-11 | CIS Control 11: Data Recovery (5 safeguards) |
| CIS-12 | CIS Control 12: Network Infrastructure Management (8 safeguards) |
| CIS-13 | CIS Control 13: Network Monitoring and Defense (11 safeguards) |
| CIS-14 | CIS Control 14: Security Awareness and Skills Training (9 safeguards) |
| CIS-15 | CIS Control 15: Service Provider Management (7 safeguards) |
| CIS-16 | CIS Control 16: Application Software Security (14 safeguards) |
| CIS-17 | CIS Control 17: Incident Response Management (9 safeguards) |
| CIS-18 | CIS Control 18: Penetration Testing (5 safeguards) |
| CIS-2 | CIS Control 2: Inventory and Control of Software Assets (7 safeguards) |
| CIS-3 | CIS Control 3: Data Protection (14 safeguards) |
| CIS-4 | CIS Control 4: Secure Configuration of Enterprise Assets and Software (12 safeguards) |
| CIS-5 | CIS Control 5: Account Management (6 safeguards) |
| CIS-6 | CIS Control 6: Access Control Management (8 safeguards) |
| CIS-7 | CIS Control 7: Continuous Vulnerability Management (7 safeguards) |
| CIS-8 | CIS Control 8: Audit Log Management (12 safeguards) |
| CIS-9 | CIS Control 9: Email and Web Browser Protections (7 safeguards) |
CIS-1 (5 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-1.1 | Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory | IG1 |
| CIS-1.2 | Safeguard 1.2: Address Unauthorized Assets | IG1 |
| CIS-1.3 | Safeguard 1.3: Utilize an Active Discovery Tool | IG2 |
| CIS-1.4 | Safeguard 1.4: Use DHCP Logging to Update Enterprise Asset Inventory | IG2 |
| CIS-1.5 | Safeguard 1.5: Use a Passive Asset Discovery Tool | IG3 |
CIS-10 (7 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-10.1 | Safeguard 10.1: Deploy and Maintain Anti-Malware Software | IG1 |
| CIS-10.2 | Safeguard 10.2: Configure Automatic Anti-Malware Signature Updates | IG1 |
| CIS-10.3 | Safeguard 10.3: Disable Autorun and Autoplay for Removable Media | IG1 |
| CIS-10.4 | Safeguard 10.4: Configure Automatic Anti-Malware Scanning of Removable Media | IG2 |
| CIS-10.5 | Safeguard 10.5: Enable Anti-Exploitation Features | IG2 |
| CIS-10.6 | Safeguard 10.6: Centrally Manage Anti-Malware Software | IG2 |
| CIS-10.7 | Safeguard 10.7: Use Behavior-Based Anti-Malware Software | IG3 |
CIS-11 (5 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-11.1 | Safeguard 11.1: Establish and Maintain a Data Recovery Process | IG1 |
| CIS-11.2 | Safeguard 11.2: Perform Automated Backups | IG1 |
| CIS-11.3 | Safeguard 11.3: Protect Recovery Data | IG1 |
| CIS-11.4 | Safeguard 11.4: Establish and Maintain an Isolated Instance of Recovery Data | IG1 |
| CIS-11.5 | Safeguard 11.5: Test Data Recovery | IG2 |
CIS-12 (8 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-12.1 | Safeguard 12.1: Ensure Network Infrastructure is Up-to-Date | IG1 |
| CIS-12.2 | Safeguard 12.2: Establish and Maintain a Secure Network Architecture | IG2 |
| CIS-12.3 | Safeguard 12.3: Securely Manage Network Infrastructure | IG2 |
| CIS-12.4 | Safeguard 12.4: Establish and Maintain Architecture Diagram(s) | IG2 |
| CIS-12.5 | Safeguard 12.5: Centralize Network AAA | IG2 |
| CIS-12.6 | Safeguard 12.6: Use of Secure Network Management and Communication Protocols | IG2 |
| CIS-12.7 | Safeguard 12.7: Ensure Remote Devices Utilize a VPN and Connect to AAA Infrastructure | IG2 |
| CIS-12.8 | Safeguard 12.8: Establish and Maintain Dedicated Computing Resources for Admin Work | IG3 |
CIS-13 (11 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-13.1 | Safeguard 13.1: Centralize Security Event Alerting | IG1 |
| CIS-13.10 | Safeguard 13.10: Perform Application Layer Filtering | IG3 |
| CIS-13.11 | Safeguard 13.11: Tune Security Event Alerting Thresholds | IG3 |
| CIS-13.2 | Safeguard 13.2: Deploy a Host-Based Intrusion Detection Solution | IG2 |
| CIS-13.3 | Safeguard 13.3: Deploy a Network Intrusion Detection Solution | IG2 |
| CIS-13.4 | Safeguard 13.4: Perform Traffic Filtering Between Network Segments | IG2 |
| CIS-13.5 | Safeguard 13.5: Manage Access Control for Remote Assets | IG2 |
| CIS-13.6 | Safeguard 13.6: Collect Network Traffic Flow Logs | IG2 |
| CIS-13.7 | Safeguard 13.7: Deploy a Host-Based Intrusion Prevention Solution | IG3 |
| CIS-13.8 | Safeguard 13.8: Deploy a Network Intrusion Prevention Solution | IG3 |
| CIS-13.9 | Safeguard 13.9: Deploy Port-Level Access Control | IG3 |
CIS-14 (9 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-14.1 | Safeguard 14.1: Establish and Maintain a Security Awareness Program | IG1 |
| CIS-14.2 | Safeguard 14.2: Train Workforce to Recognize Social Engineering Attacks | IG1 |
| CIS-14.3 | Safeguard 14.3: Train Workforce on Authentication Best Practices | IG1 |
| CIS-14.4 | Safeguard 14.4: Train Workforce on Data Handling Best Practices | IG1 |
| CIS-14.5 | Safeguard 14.5: Train Workforce on Causes of Unintentional Data Exposure | IG1 |
| CIS-14.6 | Safeguard 14.6: Train Workforce on Recognizing and Reporting Security Incidents | IG1 |
| CIS-14.7 | Safeguard 14.7: Train Workforce on How to Identify Missing Security Updates | IG1 |
| CIS-14.8 | Safeguard 14.8: Train Workforce on Dangers of Insecure Networks | IG1 |
| CIS-14.9 | Safeguard 14.9: Conduct Role-Specific Security Awareness and Skills Training | IG2 |
CIS-15 (7 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-15.1 | Safeguard 15.1: Establish and Maintain an Inventory of Service Providers | IG1 |
| CIS-15.2 | Safeguard 15.2: Establish and Maintain a Service Provider Management Policy | IG2 |
| CIS-15.3 | Safeguard 15.3: Classify Service Providers | IG2 |
| CIS-15.4 | Safeguard 15.4: Ensure Service Provider Contracts Include Security Requirements | IG2 |
| CIS-15.5 | Safeguard 15.5: Assess Service Providers | IG2 |
| CIS-15.6 | Safeguard 15.6: Monitor Service Providers | IG3 |
| CIS-15.7 | Safeguard 15.7: Securely Decommission Service Providers | IG3 |
CIS-16 (14 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-16.1 | Safeguard 16.1: Establish and Maintain a Secure Application Development Process | IG2 |
| CIS-16.10 | Safeguard 16.10: Apply Secure Design Principles in Application Architectures | IG2 |
| CIS-16.11 | Safeguard 16.11: Leverage Vetted Modules or Services for App Security Components | IG2 |
| CIS-16.12 | Safeguard 16.12: Implement Code-Level Security Checks | IG3 |
| CIS-16.13 | Safeguard 16.13: Conduct Application Penetration Testing | IG3 |
| CIS-16.14 | Safeguard 16.14: Conduct Threat Modeling | IG3 |
| CIS-16.2 | Safeguard 16.2: Establish and Maintain a Process to Accept and Address Software Vulnerabilities | IG2 |
| CIS-16.3 | Safeguard 16.3: Perform Root Cause Analysis on Security Vulnerabilities | IG2 |
| CIS-16.4 | Safeguard 16.4: Establish and Manage an Inventory of Third-Party Software Components | IG2 |
| CIS-16.5 | Safeguard 16.5: Use Up-to-Date and Trusted Third-Party Software Components | IG2 |
| CIS-16.6 | Safeguard 16.6: Establish and Maintain a Severity Rating System for App Vulns | IG2 |
| CIS-16.7 | Safeguard 16.7: Use Standard Hardening Configuration Templates for App Infrastructure | IG2 |
| CIS-16.8 | Safeguard 16.8: Separate Production and Non-Production Systems | IG2 |
| CIS-16.9 | Safeguard 16.9: Train Developers in Application Security Concepts and Secure Coding | IG2 |
CIS-17 (9 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-17.1 | Safeguard 17.1: Designate Personnel to Manage Incident Handling | IG1 |
| CIS-17.2 | Safeguard 17.2: Establish and Maintain Contact Information for Reporting Security Incidents | IG1 |
| CIS-17.3 | Safeguard 17.3: Establish and Maintain an Enterprise Process for Reporting Incidents | IG1 |
| CIS-17.4 | Safeguard 17.4: Establish and Maintain an Incident Response Process | IG2 |
| CIS-17.5 | Safeguard 17.5: Assign Key Roles and Responsibilities | IG2 |
| CIS-17.6 | Safeguard 17.6: Define Mechanisms for Communicating During Incident Response | IG2 |
| CIS-17.7 | Safeguard 17.7: Conduct Routine Incident Response Exercises | IG2 |
| CIS-17.8 | Safeguard 17.8: Conduct Post-Incident Reviews | IG2 |
| CIS-17.9 | Safeguard 17.9: Establish and Maintain Security Incident Thresholds | IG3 |
CIS-18 (5 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-18.1 | Safeguard 18.1: Establish and Maintain a Penetration Testing Program | IG2 |
| CIS-18.2 | Safeguard 18.2: Perform Periodic External Penetration Tests | IG2 |
| CIS-18.3 | Safeguard 18.3: Remediate Penetration Test Findings | IG2 |
| CIS-18.4 | Safeguard 18.4: Validate Security Measures | IG3 |
| CIS-18.5 | Safeguard 18.5: Perform Periodic Internal Penetration Tests | IG3 |
CIS-2 (7 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-2.1 | Safeguard 2.1: Establish and Maintain a Software Inventory | IG1 |
| CIS-2.2 | Safeguard 2.2: Ensure Authorized Software is Currently Supported | IG1 |
| CIS-2.3 | Safeguard 2.3: Address Unauthorized Software | IG1 |
| CIS-2.4 | Safeguard 2.4: Utilize Automated Software Inventory Tools | IG2 |
| CIS-2.5 | Safeguard 2.5: Allowlist Authorized Software | IG2 |
| CIS-2.6 | Safeguard 2.6: Allowlist Authorized Libraries | IG2 |
| CIS-2.7 | Safeguard 2.7: Allowlist Authorized Scripts | IG3 |
CIS-3 (14 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-3.1 | Safeguard 3.1: Establish and Maintain a Data Management Process | IG1 |
| CIS-3.10 | Safeguard 3.10: Encrypt Sensitive Data in Transit | IG2 |
| CIS-3.11 | Safeguard 3.11: Encrypt Sensitive Data at Rest | IG2 |
| CIS-3.12 | Safeguard 3.12: Segment Data Processing and Storage Based on Sensitivity | IG2 |
| CIS-3.13 | Safeguard 3.13: Deploy a Data Loss Prevention Solution | IG3 |
| CIS-3.14 | Safeguard 3.14: Log Sensitive Data Access | IG3 |
| CIS-3.2 | Safeguard 3.2: Establish and Maintain a Data Inventory | IG1 |
| CIS-3.3 | Safeguard 3.3: Configure Data Access Control Lists | IG1 |
| CIS-3.4 | Safeguard 3.4: Enforce Data Retention | IG1 |
| CIS-3.5 | Safeguard 3.5: Securely Dispose of Data | IG1 |
| CIS-3.6 | Safeguard 3.6: Encrypt Data on End-User Devices | IG1 |
| CIS-3.7 | Safeguard 3.7: Establish and Maintain a Data Classification Scheme | IG2 |
| CIS-3.8 | Safeguard 3.8: Document Data Flows | IG2 |
| CIS-3.9 | Safeguard 3.9: Encrypt Data on Removable Media | IG2 |
CIS-4 (12 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-4.1 | Safeguard 4.1: Establish and Maintain a Secure Configuration Process | IG1 |
| CIS-4.10 | Safeguard 4.10: Enforce Automatic Device Lockout on Portable End-User Devices | IG2 |
| CIS-4.11 | Safeguard 4.11: Enforce Remote Wipe Capability on Portable End-User Devices | IG2 |
| CIS-4.12 | Safeguard 4.12: Separate Enterprise Workspaces on Mobile End-User Devices | IG3 |
| CIS-4.2 | Safeguard 4.2: Establish and Maintain a Secure Configuration Process for Network Infrastructure | IG1 |
| CIS-4.3 | Safeguard 4.3: Configure Automatic Session Locking on Enterprise Assets | IG1 |
| CIS-4.4 | Safeguard 4.4: Implement and Manage a Firewall on Servers | IG1 |
| CIS-4.5 | Safeguard 4.5: Implement and Manage a Firewall on End-User Devices | IG1 |
| CIS-4.6 | Safeguard 4.6: Securely Manage Enterprise Assets and Software | IG1 |
| CIS-4.7 | Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software | IG2 |
| CIS-4.8 | Safeguard 4.8: Uninstall or Disable Unnecessary Services | IG2 |
| CIS-4.9 | Safeguard 4.9: Configure Trusted DNS Servers on Enterprise Assets | IG2 |
CIS-5 (6 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-5.1 | Safeguard 5.1: Establish and Maintain an Inventory of Accounts | IG1 |
| CIS-5.2 | Safeguard 5.2: Use Unique Passwords | IG1 |
| CIS-5.3 | Safeguard 5.3: Disable Dormant Accounts | IG1 |
| CIS-5.4 | Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts | IG1 |
| CIS-5.5 | Safeguard 5.5: Establish and Maintain an Inventory of Service Accounts | IG2 |
| CIS-5.6 | Safeguard 5.6: Centralize Account Management | IG2 |
CIS-6 (8 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-6.1 | Safeguard 6.1: Establish an Access Granting Process | IG1 |
| CIS-6.2 | Safeguard 6.2: Establish an Access Revoking Process | IG1 |
| CIS-6.3 | Safeguard 6.3: Require MFA for Externally-Exposed Applications | IG1 |
| CIS-6.4 | Safeguard 6.4: Require MFA for Remote Network Access | IG1 |
| CIS-6.5 | Safeguard 6.5: Require MFA for Administrative Access | IG1 |
| CIS-6.6 | Safeguard 6.6: Establish and Maintain an Inventory of Authentication and Authorization Systems | IG2 |
| CIS-6.7 | Safeguard 6.7: Centralize Access Control | IG2 |
| CIS-6.8 | Safeguard 6.8: Define and Maintain Role-Based Access Control | IG3 |
CIS-7 (7 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-7.1 | Safeguard 7.1: Establish and Maintain a Vulnerability Management Process | IG1 |
| CIS-7.2 | Safeguard 7.2: Establish and Maintain a Remediation Process | IG1 |
| CIS-7.3 | Safeguard 7.3: Perform Automated Operating System Patch Management | IG1 |
| CIS-7.4 | Safeguard 7.4: Perform Automated Application Patch Management | IG1 |
| CIS-7.5 | Safeguard 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets | IG2 |
| CIS-7.6 | Safeguard 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets | IG2 |
| CIS-7.7 | Safeguard 7.7: Remediate Detected Vulnerabilities | IG3 |
CIS-8 (12 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-8.1 | Safeguard 8.1: Establish and Maintain an Audit Log Management Process | IG1 |
| CIS-8.10 | Safeguard 8.10: Retain Audit Logs | IG2 |
| CIS-8.11 | Safeguard 8.11: Conduct Audit Log Reviews | IG2 |
| CIS-8.12 | Safeguard 8.12: Collect Service Provider Logs | IG3 |
| CIS-8.2 | Safeguard 8.2: Collect Audit Logs | IG1 |
| CIS-8.3 | Safeguard 8.3: Ensure Adequate Audit Log Storage | IG1 |
| CIS-8.4 | Safeguard 8.4: Standardize Time Synchronization | IG2 |
| CIS-8.5 | Safeguard 8.5: Collect Detailed Audit Logs | IG2 |
| CIS-8.6 | Safeguard 8.6: Collect DNS Query Audit Logs | IG2 |
| CIS-8.7 | Safeguard 8.7: Collect URL Request Audit Logs | IG2 |
| CIS-8.8 | Safeguard 8.8: Collect Command-Line Audit Logs | IG2 |
| CIS-8.9 | Safeguard 8.9: Centralize Audit Logs | IG2 |
CIS-9 (7 controls)
| Control ID | Name | IG |
|---|---|---|
| CIS-9.1 | Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients | IG1 |
| CIS-9.2 | Safeguard 9.2: Use DNS Filtering Services | IG1 |
| CIS-9.3 | Safeguard 9.3: Maintain and Enforce Network-Based URL Filters | IG2 |
| CIS-9.4 | Safeguard 9.4: Restrict Unnecessary Browser and Email Client Extensions | IG2 |
| CIS-9.5 | Safeguard 9.5: Implement DMARC | IG2 |
| CIS-9.6 | Safeguard 9.6: Block Unnecessary File Types | IG2 |
| CIS-9.7 | Safeguard 9.7: Deploy and Maintain Email Server Anti-Malware Protections | IG3 |
Crosswalk density to NIST CSF 2.0
Top 12 NIST CSF categories by number of CIS v8.1 controls mapped. The distribution tells you where the framework's emphasis sits against NIST's six functions.
| NIST category | Controls mapped |
|---|---|
| PR.IR | 4 |
| AN.ASM | 3 |
| PR.AA | 3 |
| PR.PS | 3 |
| DE.CM | 3 |
| GV.OC | 2 |
| GV.PO | 2 |
| GV.OV | 2 |
| AN.TI | 2 |
| AN.TE | 2 |
| ID.AM | 2 |
| DE.AE | 2 |
Frequently asked questions
Which Implementation Group should we target?
IG1 is the minimum viable baseline for every organization regardless of size — if you don't have IG1 complete, that is the first place to close gaps. IG2 is appropriate for most mid-market organizations. IG3 is for enterprises with dedicated security teams and the ability to invest in advanced controls.
Is CIS the same as SANS Top 20?
CIS Controls descend from the SANS Top 20 (originally the Consensus Audit Guidelines). The list has been renamed and restructured over multiple versions — SANS Top 20 became SANS CSC, then CIS CSC, then CIS Controls. v8.1 is the current edition.
How do CIS Controls relate to NIST CSF?
CIS is prescriptive; NIST CSF is programmatic. CIS tells you specific safeguards to implement. NIST CSF tells you how to organize a program and measure maturity. Organizations typically use NIST CSF for governance conversations and CIS for day-to-day control selection. SecurityStack crosswalks CIS safeguards to NIST CSF categories so your findings translate across both vocabularies.