🛡️ Security Controls

Relevant security controls from major frameworks:

CIS Critical Security Controls® v8.0

14.114.214.314.6
Hide Control Details (4 controls)
14.1Establish and Maintain a Security Awareness Program
N/AProtect
Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
14.2Train Workforce Members to Recognize Social Engineering Attacks
N/AProtect
Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating. 
14.3Train Workforce Members on Authentication Best Practices
N/AProtect
Train workforce members on authentication best practices. Example topics include MFA, password composition, and credential management.
14.6Train Workforce Members on Recognizing and Reporting Security Incidents
N/AProtect
Train workforce members to be able to recognize a potential incident and be able to report such an incident. 
Attribution

Copyright Notice
© 2025 Center for Internet Security, Inc. ("CIS"). All rights reserved.

License
This product/service incorporates the CIS Critical Security Controls® with the express permission of the Center for Internet Security, Inc. Use of the CIS Controls in this commercial offering is authorized under a commercial license granted by CIS.

Trademark Notice
"CIS®" and "CIS Critical Security Controls®" are registered trademarks of the Center for Internet Security, Inc. and are used under license.

Source Reference
The original CIS Critical Security Controls are available, free of charge for non-commercial use, at: https://www.cisecurity.org/controls.

Disclaimer
CIS does not endorse, certify, or warrant this product/service. Any views or interpretations are those of Paranoid Cybersecurity, not CIS.