April 25, 2021

CIS Controls Implementation – Questions

Hello folks!

It would be my first time implementing CIS Top 20 Controls in a company and I was hoping to find the answers to some questions here.

The company is a small one based in Europe. I have to use the Implementation Group 1 for a small company. By checking the CIS Controls Navigator, I’ve noticed that every control has sub-controls. By clicking on one of these sub-controls (for example for Control 1) I can see different Groups such as CMMC, ISO 27001, NIST 800-53, NIST 800-171, etc.

My question is, should I implement all of these frameworks (of course only the components which are mentioned in the CIS site) and if not, why?

Also, why do the CIS Controls have so many different chunks of different frameworks, guidance, standards? All of the frameworks are overlapping at some point anyway.

Bonus question: Which framework is appropriate for a Europe-based company which has USA and Canadian customers?

Thank you in advance. I appreciate any piece of advice!

Have a wonderful day!
