CIS Critical Security Controls v8.1
Prioritised, evidence-based security practices developed by the Center for Internet Security. 18 controls, 153 safeguards, 3 implementation groups — from SME cyber hygiene to enterprise hardening. Available on the Premium plan.
The most actionable cybersecurity control framework
The CIS Critical Security Controls (CIS Controls) are a prioritised set of best practices created by the Center for Internet Security (CIS) to defend against the most prevalent cyber attacks. Version 8.1 — the current release — consolidates and modernises the controls for cloud, mobile, and hybrid environments.
Unlike framework-level documents, CIS Controls are practitioner-focused: each of the 153 safeguards maps to a specific, implementable action. Implementation Groups (IG1/IG2/IG3) let organisations prioritise based on their size, risk profile, and available security resources.
CIS Controls are widely cross-referenced in NIST CSF, ISO 27001, PCI DSS, HIPAA, and CMMC — implementing CIS Controls earns partial credit across multiple compliance frameworks simultaneously.
Start where you are — scale as you grow
CIS Controls uses Implementation Groups to help organisations prioritise. Every organisation should achieve IG1 first — it covers the most critical safeguards against common attacks.
IG1: 56 safeguards applicable to all organisations regardless of size. Protects against the most common attacks. Suitable for SMEs with limited security resources.
IG2: 74 additional safeguards for organisations with more complex IT environments — multiple departments, regulated data, greater risk exposure. Includes IG1.
IG3: 23 additional safeguards for enterprises with dedicated security teams facing sophisticated adversaries — critical infrastructure, high-value targets. Includes IG1 + IG2.
All 18 CIS Controls — what you must implement
Each control has a badge showing its minimum Implementation Group: IG1 = required for all organisations.
1. Inventory and Control of Enterprise Assets: Actively manage all hardware assets — computers, network devices, IoT — so only authorized devices can access the network.
2. Inventory and Control of Software Assets: Actively manage all software on your network so only authorized software can execute.
3. Data Protection: Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
4. Secure Configuration of Enterprise Assets and Software: Establish and maintain secure configurations of enterprise assets and software to reduce the attack surface.
5. Account Management: Use processes and tools to assign and manage authorization for all accounts — user, admin, and service.
6. Access Control Management: Use processes and tools to create, assign, manage, and revoke access credentials and privileges.
7. Continuous Vulnerability Management: Continuously acquire, assess, and act on vulnerability intelligence to remediate and minimize the window of opportunity for attackers.
8. Audit Log Management: Collect, alert, review, and retain audit logs to detect, understand, or recover from attacks.
9. Email and Web Browser Protections: Improve protections and detections of threats from email and web vectors — the primary initial attack vectors.
10. Malware Defenses: Prevent or control the installation, spread, and execution of malicious applications, code, or scripts.
11. Data Recovery: Establish and maintain practices sufficient to restore in-scope assets to a pre-incident and trusted state.
12. Network Infrastructure Management: Establish, implement, and actively manage network devices to prevent attackers from exploiting vulnerable network services and access points.
13. Network Monitoring and Defense: Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats.
14. Security Awareness and Skills Training: Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious.
15. Service Provider Management: Develop a process to evaluate service providers who hold sensitive data or are responsible for critical IT platforms.
16. Application Software Security: Manage the security lifecycle of all in-house developed and acquired software to prevent, detect, and remediate security weaknesses.
17. Incident Response Management: Establish a program to develop and maintain an incident response capability to prepare, detect, contain, and recover from attacks.
18. Penetration Testing: Test the effectiveness and resiliency of enterprise assets by simulating adversary attack objectives and actions.
CIS Controls v8.1 vs NIST CSF 2.0 — which do you need?
CIS Controls and NIST CSF are complementary. Many organisations use NIST CSF for governance and CIS Controls for day-to-day implementation. Unicis supports both simultaneously.
| Criteria | CIS Controls v8.1 | NIST CSF 2.0 |
|---|---|---|
| Type | Prioritised control list | Voluntary risk management framework |
| Structure | 18 Controls, 153 Safeguards | 6 Functions, 22 Categories, 106 Subcategories |
| Audience | Security practitioners & IT teams | Risk managers & executives |
| Maturity path | IG1 → IG2 → IG3 | Tier 1 → Tier 4 |
| Certification | No formal certification | No formal certification |
| Best used for | Practical hardening & control implementation | Risk governance & programme design |
How Unicis supports CIS Controls v8.1
Who uses CIS Controls?
CIS Controls scale from small businesses (IG1 — 56 safeguards) to large enterprises (IG3 — all 153 safeguards). Widely adopted across healthcare, finance, government, education, critical infrastructure, and any organisation subject to cybersecurity regulations.
Multi-Framework Support
11 Compliance Frameworks Supported
From the minimum viable security baseline to enterprise-grade standards — coverage for every compliance requirement.
Start implementing CIS Controls v8.1 with Unicis
Track all 18 CIS Controls and 153 safeguards across IG1/IG2/IG3 with automated GAP analysis and cross-framework mapping to NIST CSF, ISO 27001, and NIS2. Available on the Premium plan.