IT KORR Knowledge Center
CIS Controls IG1 Starter Checklist
A practical starter checklist of representative CIS Controls Implementation Group 1 (IG1) safeguards across several of the 18 controls.
Inventory & Configuration
- Maintain an accurate, current inventory of enterprise assets (hardware) connected to the network.
- Maintain an inventory of authorized software; remove or block unauthorized software.
- Establish and maintain secure configuration standards for enterprise assets and software.
- Change default passwords and disable unnecessary default accounts on all systems before deployment.
Access Control Management
- Maintain an inventory of accounts, and disable or delete accounts no longer in use.
- Use unique, individual accounts for all users — no shared credentials.
- Require multi-factor authentication for all externally-exposed applications and remote access.
- Restrict administrator privileges to dedicated administrator accounts, separate from daily-use accounts.
Malware Defenses & Data Recovery
- Deploy and centrally manage anti-malware software on all enterprise assets.
- Ensure anti-malware signatures are updated automatically on a regular cadence.
- Perform automated backups of in-scope data on a defined schedule.
- Protect recovery data with equivalent access controls and periodically test data restoration.
Awareness Training & Incident Response Management
- Establish and maintain a security awareness program for all workforce members.
- Train workforce members to recognize social engineering attacks, including phishing.
- Designate personnel to manage incident handling, and document a basic incident response process.
- Establish reporting processes so staff know how to report a suspected incident.
Related Resources
- CIS Controls Overview — /knowledge-center/compliance/compliance-governance/cis-controls-overview
- NIST Cybersecurity Framework Overview — /knowledge-center/compliance/compliance-governance/nist-cybersecurity-framework-overview