ISpectra Technologies
Frameworks · Security Baseline

What is CIS Controls?

A prioritised set of 18 safeguards from the Center for Internet Security that gives any organisation a practical, defense-in-depth starting point.

Definition

The CIS Controls are a prioritised set of 18 cybersecurity safeguards, maintained by the Center for Internet Security (CIS), that defend against the most common and damaging attacks. Each control breaks down into specific “safeguards,” grouped into three Implementation Groups (IG1–IG3) so organisations of different sizes and risk profiles can adopt them incrementally.

Because the CIS Controls map cleanly to frameworks like NIST CSF, ISO 27001 and SOC 2, they’re widely used as a pragmatic baseline and as the backbone of a broader compliance program.

How the CIS Controls are structured

1

18 Controls

From inventory of assets and software to incident response and penetration testing.

2

150+ Safeguards

Concrete, measurable actions grouped under the 18 controls.

3

Implementation Group 1 (IG1)

Essential cyber hygiene for smaller organisations.

4

Implementation Group 2 (IG2)

For organisations managing more sensitive data.

5

Implementation Group 3 (IG3)

For mature organisations facing sophisticated threats.

Who needs to comply?

The CIS Controls suit any organisation looking for a clear, prioritised security roadmap — especially those early in their security journey or preparing for SOC 2, ISO 27001 or NIST-based programs.

How ISpectra helps

ISpectra assesses your environment against the CIS Controls, prioritises safeguards by Implementation Group, and builds a remediation roadmap that doubles as the foundation for SOC 2, ISO 27001 or NIST compliance.

Talk to an advisor