CIS CONTROLS

CIS TOP-18 AND CIS TOP-20 CONTROLS

In today’s digital landscape, organisations across the globe face an increasing number of cyber threats. With our head office in South Africa and our global headquarters in the Isle of Man, Tactical Cyber Security provides accessible expert services to clients across Africa, Europe, and the Middle East. Implementing a recognised global framework is essential, not only for compliance but also for proactive defence. The CIS Controls, formerly known as the CIS Top-20 and now streamlined into the CIS Top-18, provide a practical blueprint for organisations to secure their environments.

At NEWORDER, headquartered in South Africa, we deliver professional managed cybersecurity services designed to align with the CIS Controls framework. Our experts conduct CIS gap assessments to measure your current security posture, identify vulnerabilities, and provide implementation services to embed the CIS Top-18 controls into your operations. This ensures your organisation benefits from measurable, operational, and continuously optimised protection against cyber threats.

From CIS Top-20 to CIS Top-18: A Framework for Global Enterprises

The SANS Top-20 Critical Security Controls evolved into the CIS Controls and in 2024 were refined into 18 action-driven safeguards. This streamlined approach improves adaptability across on-premises, hybrid, and cloud environments. The controls are widely adopted across industries, including finance, healthcare, retail, and government, making them an ideal foundation for businesses across the continent looking to reduce risk exposure.

Each control addresses a critical area of Cyber Security, from asset visibility to incident response. The full list includes:

  1. Inventory and Control of Enterprise Assets
  2. Inventory and Control of Software Assets
  3. Data Protection
  4. Secure Configuration of Enterprise Assets and Software
  5. Account Management
  6. Access Control Management
  7. Continuous Vulnerability Management
  8. Audit Log Management
  9. Email and Web Browser Protections
  10. Malware Defences
  11. Data Recovery
  12. Network Infrastructure Management
  13. Network Monitoring and Defence
  14. Security Awareness and Skills Training
  15. Service Provider Management
  16. Application Software Security
  17. Incident Response Management
  18. Penetration Testing

These CIS Top-18 Controls represent internationally recognised best practices, making them both practical and defensible for organisations seeking cybersecurity maturity.

Why CIS Controls Matter to Your Organisation

Every organisation, whether in Europe, Africa, the Middle East, or operating globally, faces the challenge of managing a constantly expanding digital footprint. Attackers look for the weakest entry points, and without a structured approach, those vulnerabilities can remain unnoticed until it is too late.

The CIS Top-18 Controls provide your organisation with a clear, prioritised framework to harden your environment and protect what matters most. When combined with Attack Surface Management (ASM), these controls deliver measurable improvements in resilience:

  • Identify exposures in real time with ASM and align remediation with CIS best practices.
  • Fortify critical assets using proven, globally recognised safeguards that reduce your risk exposure.
  • Improve compliance and maturity with a framework trusted across industries, including finance, healthcare, retail, and government.
  • Evolve your defences continuously to match the pace of modern cyber threats.

By adopting the CIS Controls, your organisation gains more than a checklist; it gains a living, practical defence model that scales with your operations, strengthens customer trust, and reduces the risk of costly breaches.