CIS 18 CONTROLS

CIS 18 controls – gain structure and momentum in collaboration

CIS 18 cannot be implemented in isolation. It requires coordination between compliance, IT and leadership. Wired Relations provides you with a shared foundation to manage controls, assign tasks, and handle reporting – making it easier for the entire organisation to contribute.

Get a CIS 18 demo
jonas

Companies all over Europe already build sustainable GRC programmes with Wired Relations

The challenge

Implementing CIS 18 is demanding. Driving behavioural change that reduces cyber risk is even harder.

Cyber threats are growing in size and number. CIS 18 is a solid framework for reducing risks, but it puts a heavy load on the compliance function. You need to revise existing policies, develop new ones, maintain security measures, document changes, and regularly report on all 18 controls.

Building new layers of cybersecurity also demands organisational change. New technologies must be adopted, or new ways of working established. Resistance to change is often the biggest barrier to effective CIS 18 implementation.

Typical everyday challenges faced by compliance professionals

Typing, typing, typing, typing...

My colleagues need to change habits… but how?

IT works in their own systems – and I’m not invited

The endless hunt for (mis)placed policies

No insight, but I still need to report

7 ways Wired Relations reduces your CIS 18 workload

Map all policies to exsisting data for easy access

CIS 18 requires you to document company policies and procedures. If you’re using our Data Compliance Pipeline, much of the work is already done. If not, you can quickly map systems and vendors in Wired Relations – and automatically link them to relevant CIS 18 policies.

System & vendor management
jonas
img

Use the same data as IT

With Wired Relations (and our integrations), you’ll work with the same data IT relies on. This makes it easier to align on how to mitigate cyber risks.

Integration options
jonas

Import CIS 18 controls and avoid over- or under-implementation

You can import all three implementation groups and 153 safeguards – or just start with the group that fits your organisation. All controls come pre-filled with descriptions and tasks. You save hours of manual entry and avoid typing errors.

img

Stay on top of your controls

The Task Manager in Wired Relations contains all your controls and notifies you when action is needed. You can easily see your workload month-to-month, do evaluations on each control, and see all history of completion and actions across users.

Task management
jonas
img

Share the responsibility for IT security

You can assign control tasks to colleagues. It’s easy for them to report back, while you maintain full oversight of responsibilities and progress.

img

Build a CIS 18 management report

You’ll need to report on CIS 18 to both leadership and external auditors. When everything is connected in one system, reporting becomes simple. Wired Relations ensures you always have an up-to-date overview of your control activities.

Management reporting
jonas
img

Reuse controls across frameworks

Many work with multiple frameworks, and several controls overlap. Wired Relations is built so that when a control is marked “done” in one framework, it’s automatically recognised in the others as well.

Manage multiple frameworks
jonas
Visual showing a completed control task titled ‘Control that assigned accesses are still relevant’, due 30 June 2023 and labeled ‘Organisational control’. The control is linked to compliance frameworks ISO27002, CIS 18, and NIS2, all marked with check symbols and connected to a ‘Complete’ status box.
  • Assess your current security posture
    Identify existing policies, risks and compliance gaps.
  • Select relevant controls and implementation group (IG1–IG3)
    Prioritise based on your size, resources and risk profile.
  • Define policies and procedures
    Document who does what – and when.
  • Automate where possible
    Use integrations and task management to streamline efforts.
  • Evaluate continuously
    Adjust and improve based on feedback and emerging threats.

How to implement CIS 18 controls – step by step

CIS 18 is divided into three Implementation Groups (IG1, IG2 and IG3) based on company size, risk level, and available resources. This allows you to tailor your security efforts to your current reality – wherever you are in your cybersecurity journey.

  • IG1 – Basic cyber hygiene for small businesses
  • IG2 – Enhanced protection for mid-sized organisations
  • IG3 – Advanced security for large enterprises and high-risk sectors

You choose the level that fits your needs – and can always scale up over time.

Adapt CIS 18 to your organisation's size

Frequently Asked Questions about CIS 18 benefits and methods

Why is CIS 18 important for my organisation?

It provides a practical way to protect your data, systems and processes from cyberattacks.

What if we’re already working with ISO 27001?

Many CIS 18 controls overlap with ISO – allowing you to align and streamline both frameworks.

What’s the difference between IG1, IG2 and IG3?

These three groups help you choose the right implementation level – without overdoing it.

Can compliance and IT work together in the same system?

Yes. With the right tools, compliance and IT can collaborate in a shared platform – reducing duplication and improving coordination.

Read our recent blog posts on InfoSec

Is annual cycle just a buzzword? No, it's a key to progress

5 reasons why infosec and privacy teams should work in the same system

The hackers are coming: How to create an actionable disaster recovery plan