Skip to content
Log in

Implementation Group (IG)

Definition

A CIS Controls concept that divides the 153 safeguards across three tiers by organisational size and risk profile. IG1 (56 safeguards) covers essential cyber hygiene applicable to all organisations. IG2 adds controls for organisations with dedicated security staff. IG3 covers advanced controls for high-risk environments. Most compliance crosswalks target IG1 as the minimum baseline.

Related terms

Crosswalk
A published table that aligns controls from two frameworks side by side to show which controls address the same security objective. NIST,...
CIS Benchmark
A technology-specific configuration hardening guide published by CIS for operating systems, cloud services, databases, and applications. Each Benchmark provides Level 1 (broadly...
CIS Controls Self-Assessment Tool (CSAT)
A free web-based tool provided by CIS that allows organisations to score their current implementation status for each Safeguard and generate a...
CIS Controls v8
The eighth version of the CIS Critical Security Controls, released in May 2021. It consolidates 18 Controls and 153 Safeguards, reorganised from...
Control catalogue
A structured list of security controls, each with an identifier, a statement of intent, and (in detailed catalogues) implementation guidance. Examples include...
Control family
A grouping of related controls within a catalogue. NIST SP 800-53 uses 20 families identified by two-letter codes: AC (Access Control), AU...
Gap analysis
The process of comparing what a framework requires against what an organisation has actually implemented, to identify controls that are absent, partial,...
Safeguard
The individual action item within a CIS Control. Each Safeguard specifies a concrete activity (for example, 'establish and maintain an accurate inventory...
Unified control mapping
An organisation-specific artefact that consolidates multiple crosswalks into a single table, adds columns for the organisation's own control implementations and evidence artefacts,...

Explained in these topics

  • CIS Controls and Implementation GroupsA risk-based tier that groups Safeguards by organisational complexity and data sensitivity. IG1 (56 Safeguards) is the minimum baseline for any organisation. I...
  • Mapping Controls Across FrameworksA CIS Controls concept that divides the 153 safeguards across three tiers by organisational size and risk profile. IG1 (56 safeguards) covers essential cyber h...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account