Skip to content

Questions & Answers

Is CIS CSC a framework?


Get the answers you need


Is CIS CSC a framework?


Yes, CIS CSC is a framework. The CIS CSC is a comprehensive set of security controls that provide organizations with the necessary guidance to protect their data and systems from cyber threats.

The framework is based on the 20 Critical Security Controls (CSCs) developed by the SANS Institute and is updated regularly to ensure organizations stay ahead of the latest threats. The CSCs are organized into five categories:

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Management
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration Management

Each of these categories contains specific security controls that organizations must implement in order to be compliant with the CSCs. The framework also includes guidance on how to implement each security control and provides resources to help organizations assess their compliance.

Overall, the CIS CSC is an effective and comprehensive framework that provides organizations with the necessary guidance to protect their data and systems from cyber threats.