🛡️ Security Controls

Relevant security controls from major frameworks:

CIS Critical Security Controls® v8.0

10.110.211.111.212.112.214.1
Hide Control Details (7 controls)
10.1Deploy and Maintain Anti-Malware Software
DevicesProtect
Deploy and maintain anti-malware software on all enterprise assets.
10.2Configure Automatic Anti-Malware Signature Updates
DevicesProtect
Configure automatic updates for anti-malware signature files on all enterprise assets.
11.1Establish and Maintain a Data Recovery Process 
DataRecover
Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
11.2Perform Automated Backups 
DataRecover
Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.
12.1Ensure Network Infrastructure is Up-to-Date
NetworkProtect
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
12.2Establish and Maintain a Secure Network Architecture
NetworkProtect
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
14.1Establish and Maintain a Security Awareness Program
N/AProtect
Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
Attribution

Copyright Notice
© 2025 Center for Internet Security, Inc. ("CIS"). All rights reserved.

License
This product/service incorporates the CIS Critical Security Controls® with the express permission of the Center for Internet Security, Inc. Use of the CIS Controls in this commercial offering is authorized under a commercial license granted by CIS.

Trademark Notice
"CIS®" and "CIS Critical Security Controls®" are registered trademarks of the Center for Internet Security, Inc. and are used under license.

Source Reference
The original CIS Critical Security Controls are available, free of charge for non-commercial use, at: https://www.cisecurity.org/controls.

Disclaimer
CIS does not endorse, certify, or warrant this product/service. Any views or interpretations are those of Paranoid Cybersecurity, not CIS.