The project was initiated early in 2008 in response to extreme data losses experienced by organizations in the US defense industrial base.
[2] The guidelines consist of 18 (originally 20) key actions, called critical security controls (CSC), that organizations should implement to block or mitigate known attacks.
The controls are designed so that primarily automated means can be used to implement, enforce and monitor them.
[3] The security controls give no-nonsense, actionable recommendations for cyber security, written in language that’s easily understood by IT personnel.
[4] Goals of the Consensus Audit Guidelines include CIS Benchmarks cover a wide range of technologies, including: