The
CIS Controls are 18 prioritized security practices developed by the Center for Internet Security. Control 1: asset inventory. Control 2: software inventory. Control 5: account management.
CIS Controls are prescriptive (tell you exactly what to do) vs. NIST CSF (framework). First 6 controls address the most critical risks. CIS Benchmarks provide OS-specific hardening guidelines.