Skip to main content
IT KORR
IT KORRKeeping Organizations Reliable & Resilient
Compliance & Governance · Download

CIS Controls IG1 Starter Checklist

A practical starter checklist of representative CIS Controls Implementation Group 1 (IG1) safeguards across several of the 18 controls.

IT KORR Knowledge Center

CIS Controls IG1 Starter Checklist

A practical starter checklist of representative CIS Controls Implementation Group 1 (IG1) safeguards across several of the 18 controls.

Inventory & Configuration

  • Maintain an accurate, current inventory of enterprise assets (hardware) connected to the network.
  • Maintain an inventory of authorized software; remove or block unauthorized software.
  • Establish and maintain secure configuration standards for enterprise assets and software.
  • Change default passwords and disable unnecessary default accounts on all systems before deployment.

Access Control Management

  • Maintain an inventory of accounts, and disable or delete accounts no longer in use.
  • Use unique, individual accounts for all users — no shared credentials.
  • Require multi-factor authentication for all externally-exposed applications and remote access.
  • Restrict administrator privileges to dedicated administrator accounts, separate from daily-use accounts.

Malware Defenses & Data Recovery

  • Deploy and centrally manage anti-malware software on all enterprise assets.
  • Ensure anti-malware signatures are updated automatically on a regular cadence.
  • Perform automated backups of in-scope data on a defined schedule.
  • Protect recovery data with equivalent access controls and periodically test data restoration.

Awareness Training & Incident Response Management

  • Establish and maintain a security awareness program for all workforce members.
  • Train workforce members to recognize social engineering attacks, including phishing.
  • Designate personnel to manage incident handling, and document a basic incident response process.
  • Establish reporting processes so staff know how to report a suspected incident.

Related Resources

  • CIS Controls Overview — /knowledge-center/compliance/compliance-governance/cis-controls-overview
  • NIST Cybersecurity Framework Overview — /knowledge-center/compliance/compliance-governance/nist-cybersecurity-framework-overview

This document is a starting-point resource, not legal or compliance advice. Review it against your organization's actual systems before adoption — see the full Compliance & Governance Hub for the reasoning behind each recommendation, or use the Compliance Readiness Assessment for a personalized review.

Build: add8299 | Built: Jul 9, 2026 9:26 PM EDT