The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) provides a means for these organizations to describe and make balanced risk-based decisions regarding their cybersecurity programs. This approach directly maps to an industry-driven set of cybersecurity best practices, methodologies and controls known as the Center for Internet Security Critical Security Controls, or the CIS Controls.
The CIS Controls, by design, are a prioritized set of technical controls aimed at helping organizations address the most common and pervasive threats and attack methodologies that companies face on a daily basis. As such, the CIS Controls can provide an appropriate starting point for organizations that seek to achieve and progress through the NIST CSF. Following the CIS Controls will also allow organizations to leverage mappings to other regulations and frameworks (e.g., NIST 800-53, ISO 27001, NIST 800-39, 800-37, 800-30, ISO 27005, FAIR).
Together with the NIST CSF, the CIS Controls can drive the creation of a well-balanced foundational cybersecurity program that can grow in lockstep with your organization.