CIS Controls
· 8 min readCIS Controls v8.1 — Choosing the Right Implementation Group
IG1 as basic cyber hygiene, IG2 for growing enterprises, IG3 for regulated. Where each control belongs in a real programme.
Published 22 January 2026 · Updated 1 June 2026
IG1 is not optional
Every organisation, regardless of size, is expected to implement the 56 IG1 safeguards. They map cleanly onto SOC 2 CC6 and ISO 27001 Annex A.
Engage CHNYD Trace
Talk to a partner about CIS Controls — scoping calls are complimentary.
Request consultation →