CIS Controls v8.1 Copilot
Prioritise and implement the 18 CIS Controls v8.1 safeguards using Implementation Groups IG1, IG2 and IG3
What the CIS Controls v8.1 Copilot Can Do
Determine whether IG1, IG2 or IG3 is the right scope for your organisation
Work through all 18 CIS Controls v8.1 and their individual safeguards
Build an asset and software inventory baseline (Controls 1 and 2)
Prioritise quick-win IG1 safeguards for essential cyber hygiene first
Map CIS Controls v8.1 safeguards to the NIST CSF and ISO/IEC 27001 Annex A
Track safeguard implementation status and evidence for internal assurance
About CIS Controls v8.1 Copilot
The CIS Controls, published by the Center for Internet Security, are a prioritised set of safeguards to mitigate the most prevalent cyber-attacks. Version 8.1 organises defensive activity into 18 controls — covering areas such as inventory of enterprise and software assets, data protection, secure configuration, account and access control management, continuous vulnerability management, audit log management, malware defences, incident response and penetration testing. Each control is broken down into individual safeguards, and every safeguard is assigned to one of three Implementation Groups: IG1 (essential cyber hygiene for organisations with limited resources), IG2 (organisations managing more sensitive assets), and IG3 (organisations with mature programmes and regulatory exposure). v8.1 refines the asset classes and strengthens alignment with frameworks such as the NIST Cybersecurity Framework. The CIS Controls are an implementation guidance set, not a certification scheme — there is no "CIS Controls certificate" issued to organisations. ISMS Copilot helps you scope the right Implementation Group, work through the safeguards, and map your coverage to adjacent frameworks.
Frequently Asked Questions
What are the CIS Controls v8.1?
The CIS Controls v8.1 are a prioritised set of 18 controls, published by the Center for Internet Security, that decompose into individual safeguards. Each safeguard is assigned to an Implementation Group (IG1, IG2 or IG3) so organisations can scope their effort to their size, resources and risk.
Is there a CIS Controls certification?
The CIS Controls are implementation guidance, not a certification scheme — organisations are not issued a "CIS Controls certificate". They are commonly used as a practical roadmap and mapped to certifiable frameworks such as ISO/IEC 27001. ISMS Copilot does not issue certifications or attestations.
How does the CIS Controls v8.1 Copilot help?
It helps you select the appropriate Implementation Group, work systematically through the 18 controls and their safeguards, prioritise essential IG1 hygiene, and map your coverage to adjacent frameworks like the NIST CSF and ISO/IEC 27001.
Ready to do compliance work faster?
Built for speed, accuracy, and audit-ready output.