What is the CIS18 Framework?

The CIS18 Framework (also known as CIS Controls) is a set of 18 prioritised cybersecurity best practices designed to protect organisations against the most common cyber attacks. It includes 153 specific safeguards organised into three implementation groups (IG1, IG2, IG3) based on organisation size and resources.

Which CIS18 implementation group should my organisation use?

Choose IG1 if you're a small organisation with limited IT resources focusing on basic cybersecurity. Select IG2 if you're a medium-sized organisation with dedicated IT teams needing extended protection. Pick IG3 if you're a large organisation with significant IT assets requiring comprehensive security across all 153 safeguards.

How does CIS18 integrate with other compliance frameworks?

CIS18 naturally aligns with ISO 27001, NIS2, NIST, and GDPR standards. Many CIS18 security measures overlap with requirements in these frameworks, allowing you to reuse documentation and processes. This integration saves time and strengthens compliance across multiple areas simultaneously.

What are the 18 CIS Controls?

The 18 CIS Controls cover essential cybersecurity areas including inventory and control of enterprise assets, data protection, account management, access control management, secure configuration, continuous vulnerability management, audit log management, email and web browser protections, malware defences, data recovery, network infrastructure management, network monitoring, security awareness training, service provider management, application software security, incident response, and penetration testing.

How does .legal's CIS18 Framework software help with compliance?

.legal's CIS18 Framework software provides automatic compliance tracking across all 18 controls and 153 safeguards. The platform allows you to select your appropriate implementation group (IG1, IG2, or IG3), reuse documentation across multiple frameworks, and integrate seamlessly with existing ISO 27001, NIS2, and GDPR compliance work.

FRAMEWORK .legal | CIS18 Framework

Data Act compliance framework dashboard showing task management and progress tracking in .legal platform

CIS18 framework implementation groups IG1 IG2 IG3 for small medium large organisations

CIS18 FRAMEWORK Practical cybersecurity with CIS18

Implement evidence-based security controls and protect your organisation against the most common cyber attacks. CIS18 provides 18 prioritised controls based on actual threats, with the ability to tailor to your organisation's size and automatic compliance tracking across all requirements.

The CIS18 Framework covers all 18 controls and 153 safeguards, but not every rule applies to every organisation. Choose the implementation group that fits your organisation:

IG1, Small Organisations Basic cybersecurity for organisations with limited IT resources. Focus on the most prioritised safeguards that protect against the most common threats.
IG2, Medium-sized Organisations Extended protection for organisations with dedicated IT teams. Additional safeguards that address more sophisticated attacks.
IG3, Large Organisations Comprehensive security for organisations with significant IT assets and security expertise. All 153 safeguards for maximum protection.

CIS18 framework integration with ISO 27001 NIS2 GDPR compliance standards

CIS18 FRAMEWORK Build upon your existing compliance work

The CIS18 Framework naturally aligns with the standards you already work with. Avoid duplication and get more value from what you've already invested in.

Integration with existing frameworks:

CIS18 is designed to work alongside other recognised security standards such as ISO 27001, NIS2, NIST and GDPR. When you implement CIS Controls, you simultaneously build a solid foundation that supports compliance across multiple frameworks.

The 18 controls in CIS18 address many of the same security challenges that other standards focus on, which means your work with CIS18 often also advances your compliance within related areas.

Read more about Frameworks

+375

companies
+10.000

users
+79.000

contracts
+14.000

processing activities

Lægeforeningen Michael Berner (Lawyer)

.legal has been the right choice for us. .legal are professional and welcoming with skilled employees.
Min By Media Tinna Schultz (HR manager)

It just works! It is so easy and user-friendly, and the overview of processing activities is brilliant.
Bech-Bruun Mikkel Friis Rossa (Partner)

.legal's team has consistently demonstrated a commitment to innovation while being responsive to the needs of our mutual clients.
DMJX Kaspar Rochholz (GDPR coordinator)

.legal has really understood what it means to create a user-friendly and efficient solution. Privacy is an attractive product compared to price and functionality.
Axel Kaufmann ApS Julie Lundkvist Andreasen (Lawyer and Head of Customer Service)

.legal continuously update the platform to ensure their customers always remain compliant. In our view, any other choice would be a downgrade.
Molecule Consultancy Nanna Rodian Christensen (HR & Operational Manager)

Firstly, it means that not all the work is in one place (me), and secondly, that the understanding of GDPR is implemented throughout the organisation.
Fenerum Rasmus Boutrup (Financial Controller)

With .legal, we've gained a simpler and more manageable solution that better suits our needs
Novicell Julie Oxenvad (Legal Consultant)

We are satisfied with the switch to .legal – it has strengthened our compliance work, made processes easier to manage and more transparent, and improved cross-team collaboration

.legal Compliance Hub

Read all about .legals compliance on our compliance hub.

ISAE 3402

Get a copy of .legal A/S's latest ISAE3402 (type 2) IT security statement

ISAE 3402 statement
ISAE 3000

Get a copy of .legal A/S's latest ISAE3000 (type 2) statement of our GDPR compliance

ISAE 3000 statement
Data Processing Agreement (DPA)

Find .legal A/S's data processing agreement here.

Data processing agreement
IT security

All .legal A/S's implemented and approved IT security measures are described here.

IT Security Measures