https://www.cisecurity.org/controls/

  1. Inventory of Authorized and Unauthorized Devices Arrow

  2. Inventory of Authorized and Unauthorized Software Arrow

  3. Secure Configurations for Hardware and Software Arrow

  4. Continuous Vulnerability Assessment and Remediation Arrow

  5. Controlled Use of Administrative Privileges Arrow

  1. Maintenance, Monitoring, and Analysis of Audit Logs Arrow

  2. Email and Web Browser Protections Arrow

  3. Malware Defenses Arrow

  4. Limitation and Control of Network Ports Arrow

  5. Data Recovery Capability Arrow

  6. Secure Configurations for Network Devices Arrow

  7. Boundary Defense Arrow

  8. Data Protection Arrow

  9. Controlled Access Based on the Need to Know Arrow

  10. Wireless Access Control Arrow

  11. Account Monitoring and Control Arrow

  12. Security Skills Assessment and Appropriate Training to Fill Gaps Arrow

  13. Application Software Security Arrow

  14. Incident Response and Management Arrow

  15. Penetration Tests and Red Team Exercises Arrow