What is CIS?

Published on February 6, 2019

The Center for Internet Security (CIS) is a non-profit organization aiming to create a secure cyber environment and also spread information about their work to the rest of the world. They continuously work to identify security threats and develop methods to avert them.


To assist organizations in structuring their work with cyber security, CIS has formulated a package of actions consisting of 20 security controls, each contributing to strengthening the defense against the most dangerous attacks currently occurring. This package of actions is called CIS – Controls. The 20 security controls are ordered by priority in a manner that lays focus on the areas where it is most critical to develop resistance against cyber attacks. The CIS controls have been updated on numerous occasions and in the latest version the first 6 actions are named basic controls. Actions 7-16 are called foundational controls and 17-20 are considered organizational controls.

The basic controls are characterized by their focus on ensuring that information is only provided to authorized users but also systematic monitoring of the deficiencies and possible incidents in regard to the system. These controls are thus very basic measures that are extremely critical to apply in order to protect yourself in the modern cyber world. The foundational measures are well-chosen technical actions formulated to provide effective results. These actions, along with the organizational controls, are suitable for anyone who wants to assure that they have done what they can to protect their information assets. If you are unsure if your organization applies procedures with effects that are comparable to what these measures are intended to accomplish, a GAP analysis may be a good starting point. In addition to this service, Secure State Cyber ​​also offers several other implementation and educational services. More information about this is available here.