The CIS Controls are about getting cybersecurity done. This framework considers the factors of people, process and technology, and uses straightforward language to reflect that philosophy. Although these controls were originally developed by the Center for Internet Security (CIS) to guide enterprise IT cybersecurity and data protection, adoption among critical infrastructure companies is rapidly increasing because of increased cyber threats to industrial control systems (ICS).
This implementation guide adapts the CIS Controls for the unique needs of industrial control systems and offers helpful tips from ICS experts who have real-world experience using these controls in operational technology (OT) systems. This guide will help you to: