What is CIS Controls v8 ?
CIS Critical Security Controls v8 are a set of 18 prioritized security controls developed by the Center for Internet Security. They represent the most effective defensive actions to protect organizations against the most common attacks. Controls are organized in 3 implémentation groups (IG1, IG2, IG3) based on the organization's maturity and resources. IG1 represents the essential cyber hygiene baseline that every organization should implement.
Key Points
- 18 controls covering inventory, configuration, access, logging, email/web protection, anti-malware defenses, and more
- 3 implémentation groups: IG1 (essential hygiene, 56 safeguards), IG2 (intermediate, 74 more), IG3 (advanced, 23 more)
- Data-driven approach: control prioritization based on effectiveness against real-world attacks
- 153 total safeguards, each with measurable metrics and test procedures
- Official mapping to NIST CSF, ISO 27001, PCI DSS, HIPAA, and other frameworks
Why Zaxyr
Zaxyr enables rapid assessment of your CIS Controls compliance based on your implémentation group (IG1, IG2, or IG3). The platform automates evidence collection for all 153 safeguards, identifies gaps, and proposes a prioritized action plan. Native mapping to ISO 27001, NIST CSF, and NIS2 lets you leverage CIS Controls progress across other frameworks.