VoluntaryCISInternationalv8.0

CIS Controls v8

CIS Critical Security Controls v8

Un ensemble priorisé de 18 contrôles déclinés en 153 mesures, organisés par groupes d'implémentation (IG1–IG3). Le CIS publie des correspondances vers NIST CSF, ISO 27001 et d'autres cadres.

Official source ↗

Who it applies to

Any sectorSMB to enterpriseInternational

Toute organisation souhaitant un socle de sécurité priorisé et concret. S'adapte par groupe d'implémentation (IG1–IG3), permettant aux PME comme aux grandes entreprises d'adopter un sous-ensemble à leur mesure.

Control 1: Inventory of Enterprise Assets

1.1 Establish and maintain detailed enterprise asset inventory
Maintain an accurate, detailed and up-to-date inventory of all enterprise assets.
6 mapped

Control 3: Data Protection

3.11 Encrypt sensitive data at rest
Encrypt sensitive data at rest on servers, applications and databases.
15 mapped

Control 5: Account Management

5.1 Establish and maintain an inventory of accounts
Maintain an inventory of all accounts managed in the enterprise.
1 mapped

Control 6: Access Control Management

6.1 Establish an access granting process
Establish and follow a process for granting access to enterprise assets upon new hire or role change.
16 mapped

Control 7: Continuous Vulnerability Management

7.1 Establish and maintain a vulnerability management process
Establish and maintain a documented vulnerability management process for enterprise assets.
10 mapped

Control 8: Audit Log Management

8.1 Establish and maintain an audit log management process
Establish and maintain a documented audit log management process defining the enterprise's logging requirements.
11 mapped

Control 4: Secure Configuration of Assets and Software

4.1 Establish and maintain a secure configuration process
Establish and maintain a secure configuration process for enterprise assets and software.
10 mapped

Control 11: Data Recovery

11.1 Establish and maintain a data recovery process
Establish and maintain a documented data recovery process covering scope, prioritisation and backup security.
6 mapped