1. Basic CIS Controls
   1. 1. Inventory and Control of Hardware Assets
   2. 2. Inventory and Control of Software Assets
   3. 3. Continuous Vulnerability Management
   4. 4. Controlled Use of Administrative Privileges
   5. 5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
   6. 6. Maintenance, Monitoring and Analysis of Audit Logs
2. Foundational CIS Controls
   1. 7. Email and Web Browser Protections
   2. 8. Malware Defenses
   3. 9. Limitation and Control of Network Ports, Protocols and Services
   4. 10. Data Recovery Capabilities
   5. 11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
   6. 12. Boundary Defense
   7. 13. Data Protection
   8. 14. Controlled Access Based on the Need to Know
   9. 15. Wireless Access Control
   10. 16. Account Monitoring and Control
3. Organizational CIS Controls
   1. 17. Implement a Security Awareness and Training Program
   2. 18. Application Software Security
   3. 19. Incident Response and Management
   4. 20. Penetration Tests and Red Team Exercises