Framework · CIS Controls v8.1

Run your CIS Controls programme.
Prove where you stand.

01GRC gives you a working home for the CIS Controls — assess all 18 Controls and their 153 Safeguards, track implementation status, test effectiveness, capture evidence, and manage the gaps to closure, with several controls performed natively in the platform.

18 Controls · 153 Safeguards · IG1–IG3 · built by GRC practitioners

Why 01GRC for the CIS Controls

Assess, assure, and perform.

Every claim here maps to a shipped feature. 01GRC is where you assess, manage, test and evidence your CIS posture — and it natively performs a handful of the controls. It is not an endpoint, network, or scanning tool.

The full Safeguard set, ready to assess

All 18 Controls and 153 Safeguards are available as assessment criteria — the foundation for prioritising IG1, IG2 and IG3.

Assurance, not just a checklist

Each safeguard can carry an owner, an implementation status, a control test with KPIs, an effectiveness history and evidence.

Several controls performed natively

Asset inventory, service-provider management, security awareness training and incident response are real workflows, not documents.

Honest about the boundary

We say plainly which controls the platform performs and which it helps you manage while you implement them in your environment.

Assessment

Assess all 18 Controls and 153 Safeguards.

Drive the CIS Controls v8.1 through gap analysis and compliance reviews — record each Safeguard's implementation status, attach evidence, raise findings, and track corrective actions to closure, with the posture visible on a live dashboard. This is your CIS programme's working register and audit-readiness workspace.

Native controls

Controls 01GRC performs for you.

Beyond assessment, the platform implements several CIS Controls as real features — fully for some, in part for others.

| CIS Control | What 01GRC delivers |
| --- | --- |
| Inventory & Control of Enterprise Assets (Control 1) | A first-class asset inventory with ownership, classification, CIA values and lifecycle status (Safeguard 1.1 — establish and maintain a detailed enterprise asset inventory). |
| Service Provider Management (Control 15) | A service-provider register with derived criticality, classification, due-diligence questionnaires and evidence, subcontractor mapping, and a review cadence (Safeguards 15.1–15.6). |
| Security Awareness & Skills Training (Control 14) | A built-in Learning module — courses, quizzes, schedules, completion tracking — plus policy-acknowledgement campaigns. |
| Incident Response Management (Control 17) | A state-machine incident lifecycle with activity timeline, asset and data linkage, evidence and dashboards, plus resilience exercises for routine response drills. |
| Data Protection (Control 3, in part) | Data inventory and classification — data flows, data elements grouped into categories with personal and special-category flags, and retention (supports the data-management-process and inventory safeguards; it does not perform encryption or DLP). |
| Data Recovery (Control 11, in part) | Documents the recovery process and tests data recovery through resilience failover exercises (it does not perform backups). |
| Continuous Vulnerability Management (Control 7, in part) | A vulnerability register feeding risk treatment and remediation tracking (it does not run scanners). |

Effectiveness

Test effectiveness, not just existence.

For any safeguard you bring into scope, 01GRC provides control tests with steps and KPIs, a control-effectiveness history, and compliance reviews — so you can show a safeguard is not only in place but working and staying effective over time.

Honest scope

What you implement, what 01GRC assures.

We are explicit about this, because most CIS Safeguards are technical.

| You implement in your environment | 01GRC gives you |
| --- | --- |
| Software inventory & secure configuration (Controls 2, 4) | Register, applicability, status tracking, effectiveness testing and evidence. |
| Account & access management, MFA at scale (Controls 5, 6) | The assurance lifecycle and audit trail (the platform enforces RBAC and MFA for its own access). |
| Audit log management, malware defenses, email / web protection (Controls 8, 10, 9) | Assessment, status tracking and evidence (the platform logs its own activity; it is not a SIEM). |
| Network infrastructure & monitoring / defense (Controls 12, 13) | The register, gap analysis and effectiveness testing for each safeguard. |
| Application software security, penetration testing (Controls 16, 18) | Findings and remediation tracking, resilience exercises (it does not perform pentests or code scanning). |

01GRC is the system of record and assurance for your CIS programme. It proves your safeguards are implemented, applicable, tested and effective — it does not replace your security tooling.

Platform

Strengths that make CIS easier.

Business-first model

Assets, processes, data flows and vendors as a connected graph, so a safeguard's scope and a gap's impact are visible.

Immutable evidence

Activity logging on every entity, snapshotted sign-offs, encrypted and virus-scanned attachments.

Effectiveness over time

Every control test writes to a history, so trends are demonstrable.

Deploy anywhere

Self-contained with no external dependencies — deploy on-premises, in your private cloud, or fully air-gapped.

Who it helps

One programme, every CIS stakeholder.

Security lead / IT

A prioritised CIS register with implementation status and effectiveness testing across all 18 Controls.

Risk & Compliance

CIS gap analysis, compliance reviews and corrective actions in one place.

Service-provider & asset owners

The inventories that Controls 1 and 15 require, kept current.

01GRC helps organisations assess, manage, test and evidence the CIS Controls v8.1 — all 18 Controls and 153 Safeguards — and natively performs several of them, including enterprise asset inventory, service-provider management, security awareness training and incident response. The technical and operational safeguards — secure configuration, malware defenses, network monitoring, audit-log collection, penetration testing and the rest — are implemented in your own environment; 01GRC is where you scope, assess, test and prove them.

More frameworks

One platform, every standard you answer to.

The CIS Controls are one of several frameworks built in — and you can add your own. More framework guides are on the way.

See your CIS Controls programme
the way it should look.

Book a personalised walkthrough — we'll demo the Safeguard assessment, asset and service-provider inventories, incident response and the effectiveness dashboard on data shaped like yours.