Compliance & Frameworks
CIS Controls
Also known as: CIS Top 18, SANS Top 20 (legacy)
Definition
A prioritized set of best-practice cybersecurity safeguards, maintained by the Center for Internet Security (CIS), designed to defend against the most common cyberattacks.
Examples
- An SMB adopting IG1 safeguards to build a baseline security programme.
- A vendor mapping its product to specific CIS safeguards in marketing materials.
Related terms
NIST Cybersecurity Framework
A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions.
ISO/IEC 27001
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
OWASP Top 10
OWASP Top 10 — definition coming soon.
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
System Hardening
Reducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults.