All insights
CIS Controls
· 8 min read

CIS Controls v8.1 — Choosing the Right Implementation Group

IG1 as basic cyber hygiene, IG2 for growing enterprises, IG3 for regulated. Where each control belongs in a real programme.

Published 22 January 2026 · Updated 1 June 2026

IG1 is not optional

Every organisation, regardless of size, is expected to implement the 56 IG1 safeguards. They map cleanly onto SOC 2 CC6 and ISO 27001 Annex A.

Engage CHNYD Trace

Talk to a partner about CIS Controls — scoping calls are complimentary.

Request consultation →