Security Controls

Relevant security controls from major frameworks:

CIS Critical Security Controls® v8.0

14.1 Establish and Maintain a Security Awareness Program
Asset Type: N/A; Security Function: Protect
Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.

14.2 Train Workforce Members to Recognize Social Engineering Attacks
Asset Type: N/A; Security Function: Protect
Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.

14.6 Train Workforce Members on Recognizing and Reporting Security Incidents
Asset Type: N/A; Security Function: Protect
Train workforce members to be able to recognize a potential incident and be able to report such an incident.

12.1 Ensure Network Infrastructure is Up-to-Date
Asset Type: Network; Security Function: Protect
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.

12.2 Establish and Maintain a Secure Network Architecture
Asset Type: Network; Security Function: Protect
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.

Attribution

Copyright Notice
© 2025 Center for Internet Security, Inc. ("CIS"). All rights reserved.

License
This product/service incorporates the CIS Critical Security Controls® with the express permission of the Center for Internet Security, Inc. Use of the CIS Controls in this commercial offering is authorized under a commercial license granted by CIS.

Trademark Notice
"CIS®" and "CIS Critical Security Controls®" are registered trademarks of the Center for Internet Security, Inc. and are used under license.

Source Reference
The original CIS Critical Security Controls are available, free of charge for non-commercial use, at: https://www.cisecurity.org/controls.

Disclaimer
CIS does not endorse, certify, or warrant this product/service. Any views or interpretations are those of Paranoid Cybersecurity, not CIS.