Skip to content

CIS Controls v8.0 IG1

The Center for Internet Security (CIS) Controls version 8.0 is a prioritized set of actions to protect organizations from known cyber attack vectors. Implementation Group 1 (IG1) represents essential cyber defense safeguards for enterprises of all sizes with limited cybersecurity resources. Released in May 2021, this framework provides a modernized approach to foundational cybersecurity controls applicable globally across all industries.

Terraform Registry Subdomain: cisv80ig1

module "..." {
  source  = "cisv80ig1.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}
module "..." {
  source = "https://cisv80ig1.compliance.tf/terraform-aws-modules/<module>/aws"
}

Refer to the Terraform Registry Endpoints section for more details.

Implemented Controls

The following controls are implemented as part of this framework.

Enable/Disable Controls

You can customize the Terraform module for the desired compliance requirements by enabling/disabling individual controls.

Examples

S3 bucket module with CIS Controls v8.0 IG1 compliance framework controls enabled, and a couple of controls disabled

module "..." {
  source = "https://cisv80ig1.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=apigateway_stage_logging_enabled,backup_plan_min_retention_35_days"
}