SoftSol
Best practice

CIS Controls v8

Center for Internet Security — Cybersecurity Best Practices

The CIS Controls (Center for Internet Security Controls) are a prioritised set of cybersecurity actions developed by a global community of security practitioners. Version 8 consolidates the framework into 18 controls organised across three implementation groups (IG1, IG2, IG3), from basic hygiene to advanced security practices.

Our position: SoftSol is not accredited by CIS. We apply CIS Controls as our cybersecurity framework of reference, using it to guide how we protect managed client environments and our own infrastructure.

The 18 CIS Controls

  1. Inventory and control of enterprise assets
  2. Inventory and control of software assets
  3. Data protection
  4. Secure configuration of assets and software
  5. Account management
  6. Access control management
  7. Continuous vulnerability management
  8. Audit log management
  9. Email and web browser protections
  10. Malware defences
  11. Data recovery
  12. Network infrastructure management
  13. Network monitoring and defence
  14. Security awareness and skills training
  15. Service provider management
  16. Application software security
  17. Incident response management
  18. Penetration testing

How SoftSol applies these controls

  • Asset inventories are maintained for managed client environments (Controls 1 & 2).
  • Endpoint protection and malware defences are applied across all managed devices (Control 10).
  • Patch management is conducted on a regular cycle, prioritising critical and high-severity vulnerabilities (Control 7).
  • Network segmentation and access controls are applied as standard across managed infrastructure (Controls 6 & 12).
  • Backup and tested recovery processes follow CIS Control 11 guidance (3-2-1 backup strategy).
  • Continuous network monitoring and event alerting are active across all managed environments (Control 13).
  • A documented incident response process is in place for security events (Control 17).