Welcome to The CIS Windows 10 Implementation Guide!

In this document, guidance is provided on how to apply the security best practices found in CIS Controls Version 7.1 to Windows 10 Pro environments. As a non-profit driven by its volunteers, we are always in the process of looking for new topics and assistance in creating cybersecurity guidance. If you are interested in volunteering and/or have questions, comments, or have identified ways to improve this guide, please write us at controlsinfo@cisecurity.org.

Table of Contents

• Introduction
• CIS Control 1: Inventory and Control of Hardware Assets
• CIS Control 2: Inventory and Control of Software Assets
• CIS Control 3: Continuous Vulnerability Management
• CIS Control 4: Controlled Use of Administrative Privileges
• CIS Control 5: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
• CIS Control 6: Maintenance, Monitoring and Analysis of Audit Logs
• CIS Control 7: Email and Web Browser Protections
• CIS Control 8: Malware Defenses
• CIS Control 9: Limitation and Control of Network Ports, Protocols, and Services
• CIS Control 10: Data Recovery Capabilities
• CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
• CIS Control 12: Boundary Defense
• CIS Control 13: Data Protection
• CIS Control 14: Controlled Access Based on the Need to Know
• CIS Control 15: Wireless Access Control
• CIS Control 16: Account Monitoring and Control
• CIS Control 17: Implement a Security Awareness and Training Program
• CIS Control 19: Incident Response and Management
• Appendix
• Acronyms & Abbreviations
• Links and Resources

How to Contribute

• Issue Tracking https://github.com/planglois925/Test_Controls_Doc/issues
• Source https://github.com/planglois925/Test_Controls_Doc

Contribution Guidelines

Here are the types of contributions we are looking for:

• Grammatical Fixes and errors
• Additional means for implementing a Sub-Control
• Well established tools and processes
• Additional References

License

This work is licensed under a Creative Commons Attribution-Non Commercial-No Derivatives 4.0 International Public License (the link can be found at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode).

To further clarify the Creative Commons license related to the CIS Controls™ content, you are authorized to copy and redistribute the content as a framework for use by you, within your organization and outside of your organization for non-commercial purposes only, provided that (i) appropriate credit is given to CIS, and (ii) a link to the license is provided. Additionally, if you remix, transform, or build upon the CIS Controls, you may not distribute the modified materials. Users of the CIS Controls framework are also required to refer to (http://www.cisecurity.org/controls/) when referring to the CIS Controls in order to ensure that users are employing the most up to date guidance. Commercial use of the CIS Controls is subject to the prior approval of CIS® (Center for Internet Security, Inc. ®).

Acknowledgements

CIS® (Center for Internet Security, Inc. ®) would like to thank the many security experts who volunteer their time and talent to support the CIS Controls™ and other CIS work. CIS products represent the effort of a veritable army of volunteers from across the industry, generously giving their time and talent in the name of a more secure online experience for everyone.

Editors:

• Joshua M Franklin

Contributors:

• Aaron Wilson
• Aaron Piper
• Robin Regnier
• Phil Langlois
• Phyllis Lee

Endnote

All references to tools or other products in this document are provided for informational purposes only, and do not represent the endorsement by CIS of any particular company, product, or technology.

Contact Information

• CIS
• 31 Tech Valley Drive
• East Greenbush, NY 12061
• 518.266.3460
• controlsinfo@cisecurity.org