The CIS Controls are a prioritized list of concrete security measures, published by the Center for Internet Security, designed to be implemented progressively starting with the highest-impact controls.
Unlike more theoretical frameworks, the CIS Controls point to very operational actions, making them accessible to IT teams without a dedicated security expert.
A company starts with CIS Controls 1 and 2 (hardware and software inventory) before tackling more advanced controls.
Assess your organization's maturity on this topic
Start the diagnostic