Course Content

Module 3: Control 2: Inventory and Control of Software Assets

Module 4: Control 3: Continuous Vulnerability Management

Module 5: Control 4: Controlled Use of Administrative Privileges

Module 6: Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Module 7: Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

Module 10: Control 9: Limitation and Control of Network Ports, Protocols, and Services

Module 15: Control 14: Controlled Access Based on the Need to Know

Module 18: Control 17: Implement a Security Awareness and Training Program

Module 21: Control 20: Penetration Tests and Red Team Exercises

Module 22: What Small and Medium Enterprises (SME) Need to Know about the CIS Controls

Module 23: Conclusion

Course Description

These security controls can be combined with frameworks such as NIST SP 800-37 (the NIST Risk Management Framework, RMF) to provide organizations with defense-in-depth best practices.

This course may help prepare students for industry certifications around the CIS Security Controls. The course gives an overview of each control, maps the controls to the NIST Cybersecurity Framework, and gives students hands-on practice through labs.


Students should be familiar with common IT and cybersecurity terminology. It is recommended that students have 1-2 years of experience working in the cybersecurity industry.

Course Goals

By the end of this course, students should be able to:

  • Understand what the 20 CIS security controls are
  • Understand how each control maps to the NIST Cybersecurity Framework

Instructed By

Ken Underhill
Master Instructor at Cybrary

Course Components

On Demand Videos to learn from industry leaders
Virtual Labs to gain hands-on experience and apply what you learned
Assessments to gauge understanding and comprehension

Certificate of Completion

Complete this entire course to earn a CIS Top 20 Critical Security Controls Certificate of Completion