CIS Controls v8, published by the Center for Internet Security (CIS) in May 2021, provides 18 prioritised cybersecurity controls containing 153 individual safeguards. Unlike ISO 27001 or NIST CSF, CIS Controls are intentionally prescriptive — telling organisations exactly what to do — making them ideal for organisations that want concrete, actionable security improvements without the complexity of a full management system framework.
A standout feature is the Implementation Group (IG) model: IG1 (56 safeguards) covers essential cyber hygiene for small organisations with limited resources; IG2 adds 74 safeguards for medium-complexity environments; IG3 (all 153) is for mature organisations facing sophisticated threats. Every organisation can start at IG1 and progress — making CIS Controls highly accessible for Indian SMEs and startups.