A Definitive Guide to Understanding and Meeting the CIS Critical Security Controls

 

Published March 2020

Rapid7_A_Definitive_Guide

Everyone in security has heard of the CIS Critical Security Controls, but not all understand exactly how to implement them. The CIS controls supplement almost every other security framework, such as NIST, CSF, NIST 800.53, ISO 27001, PCI, and HIPAA, and they’re a useful base for developing or assessing your security program. However, with lengthy documentation and many methods out there for meeting them, implementing these controls can be a daunting project to embark on. Because of this, Rapid7’s Advisory Services team, which specializes in security assessments for organizations, developed this guide to explain each control in plain language and assess how it can be approached, evaluated, and implemented.