CIS Controls

What Are the CIS Controls?

The CIS Controls, officially titled CIS Critical Security Controls (CSCs), are a prioritized set of best practices developed by the Center for Internet Security (CIS) to help organizations mitigate the most common cyberattacks. They offer a practical framework for implementing essential cybersecurity measures and significantly improving an organization’s security posture.

The purpose of CIS Controls is to provide organizations with a clear and actionable roadmap for improving cybersecurity hygiene, which leads to a minimum level of cybersecurity preparedness.

The CIS CSC contains 18 controls grouped into six categories:

  1. Inventory and Control of Hardware and Software Assets

  2. Security Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

  3. Continuous Vulnerability Management

  4. Controlled Use of Administrative Privileges

  5. Malware Defenses

  6. Data Recovery Capabilities

MergeBase and the CIS Controls

At MergeBase, data security is a top priority. We consistently uphold the highest cybersecurity standards in our systems and daily operations, and that approach also involves compliance with the CIS (Center for Internet Security) controls. These are well-established best practices in cybersecurity, and we ensure they are regularly integrated into our processes.

How Can MergeBase Help You Meet the CIS Controls Standards?

MergeBase excels in securing the software supply chain through vulnerability management and remediation, meaning we can support you in ensuring CIS Controls compliance.

Areas where MergeBase can help:

  • Continuous Vulnerability Management. MergeBase’s continuous scanning and patching of vulnerabilities in open-source components directly aligns with Control 5 (Malware Defenses) and Control 6 (Data Recovery Capabilities) by reducing potential attack vectors.

  • Malware Defenses. MergeBase indirectly contributes to Control 5 by minimizing vulnerabilities exploitable by malware, bolstering overall security.