CIS Controls Insights

What is CIS Controls?

The CIS Controls (formerly known as the SANS Top 20 Critical Security Controls) are a prioritized set of actions that organizations can take to protect themselves from the most pervasive and dangerous cyber attacks. They provide a concise focus for prioritizing security investments and improving an organization's overall cyber defense posture. They are commonly used as a framework for implementing and managing cybersecurity, for auditing, and for compliance purposes.

Find organizations using CIS Controls on Sumble →

What other technologies are related to CIS Controls?

CIS Controls Complementary Technologies

NIST CSF

NIST CSF provides a framework for organizing and improving cybersecurity practices, which aligns well with the CIS Controls by offering a broader perspective and allowing organizations to map CIS Controls to specific NIST CSF functions and categories.

mentioned alongside CIS Controls in 8% (884) of relevant job posts

NIS 2.0

NIS 2.0 (Network and Information Security Directive) is a European directive focused on cybersecurity. It is complementary to CIS Controls as CIS Controls can be used to implement technical aspects of NIS 2.0.

mentioned alongside CIS Controls in 80% (84) of relevant job posts

ISO 27001

ISO 27001 is an international standard for information security management systems. It is complementary to CIS Controls, as CIS Controls provide specific, actionable steps to implement security controls needed for ISO 27001 certification.

mentioned alongside CIS Controls in 2% (1.5k) of relevant job posts