CIS Critical Security Controls

The CIS Critical Security Controls are a prioritized, easy to understand framework comprising core security principles essential for any organization. Discover the Fortra solutions that empower enterprises to meet the CIS benchmarks and fortify their foundational defenses with ease.

The CIS Critical Security Controls


The CIS Critical Security Controls are based on real-world attack scenarios, proven defenses, and NIST SP 800 53 underpinnings. These 18 Controls provide foundational security guidance on categories ranging from Inventory and Control of Enterprise Assets to Penetration, and over a dozen imperative basics in between. Originating in 2008 by a consortium of international companies, government agencies, and independent institutions, the CIS Controls are currently in their eighth version.

In her state’s 2016 Data Breach Report, Kamala D. Harris, then California Attorney General, stated: “The set of 20 Controls constitutes a minimum level of security – a floor – that any organization that collects or maintains personal information should meet.” Designed to “mitigate the most prevalent cyber-attacks against systems and networks,” CIS Controls v8 has been augmented to cover modern scenarios and systems, including cloud computing, virtualization, mobility, outsourcing, work-from-home, and evolving cybercriminal tactics.

The Controls give executives the benefit of free, government-sponsored research and validated principles upon which to build their cybersecurity strategy. Referenced by the U.S. Government and the National Institute of Standards and Technology (NIST), and adopted by The European Telecommunications Standards Institute (ETSI), these Controls are given the trend of bad actors towards low-level threats. As attackers continue to exploit our weakest links, the CIS Controls shore up security essentials and thwart the next generation of cybercrime opportunists.



CIS Benchmarks

The CIS Controls have been adopted by thousands of organizations of all sizes to manage risk and defend against the evolving threats. Implementing these controls provides a solid foundation upon which additional security and compliance controls can be layered.

The latest release of the CIS Controls includes simplified language and requirements for the cloud, hybrid environments, and the ever-changing tactics from criminal actors.

How Fortra Helps

Fortra and CIS Controls

Fortra security solutions helps organizations with 16 of the 18 CIS Controls. Below are each of the controls along with the solution that can help address them.

Control Number and Name

1. Inventory and Control of Enterprise Assets

2. Inventory and Control of Software Assets

3. Data Protection

4. Secure Configuration of Enterprise Assets

5. Account Management

6. Access Control Management

7. Continuous Vulnerability Management

8. Audit Log Management

9. Email and Web Browser Protections

10. Malware Defenses

11. Data Recovery

Fortra's cybersecurity portfolio does not currently cover this CIS Control.

12. Network Infrastructure Management

13. Network Monitoring and Defense

14. Security Awareness and Skill Training

15. Service Provider Management

Fortra's cybersecurity portfolio does not currently cover this CIS Control.

16. Application Software Security

17. Incident Response Management

18. Penetration Testing

Make the CIS Controls an Integral Part of Your Cybersecurity Strategy

Speak with a Fortra subject matter expert about solutions to empower your organization to achieve CIS Critical Security Control compliance.

Contact Us