Mapping & Analysis: CIS Critical Security Controls - NIST Risk Management Framework 800-53 Security Controls
Sources:
- Organizations:
  - National Institute of Standards and Technology (NIST)
  - Center for Internet Security (CIS)
- Data Sources:
The CIS Critical Security Controls comprise the following 18 controls:
- Inventory and Control of Enterprise Assets
- Inventory and Control of Software Assets
- Data Protection
- Secure Configuration of Enterprise Assets and Software
- Account Management
- Access Control Management
- Continuous Vulnerability Management
- Audit Log Management
- Email and Web Browser Protections
- Malware Defenses
- Data Recovery
- Network Infrastructure Management
- Network Monitoring and Defense
- Security Awareness and Skills Training
- Service Provider Management
- Application Software Security
- Incident Response Management
- Penetration Testing
The bar chart below shows the number of NIST security controls needed to implement each of the 18 CIS Critical Security Controls. Here are the summary counts by baseline:
- LOW = 85 NIST security controls
- MODERATE = 159 NIST security controls
- HIGH = 161 NIST security controls
Link to corresponding table chart - here.