CIS18 Framework Now Available in .legal Platform

You can now access the CIS18 framework in .legal. Just as you may have worked with ISO27001, NIS2, AI Act or other frameworks in the platform, we've added a standard mapping of CIS18.

[Image: CIS18 framework overview in .legal platform with 18 security controls and implementation groups]

What is CIS18?

CIS18 is an international cybersecurity framework developed by the Center for Internet Security. It consists of 18 concrete security controls that help organisations protect themselves against the most common cyber threats. The controls cover everything from basic tasks like managing hardware and software inventory to more advanced measures such as protecting sensitive data, handling security incidents and conducting penetration tests.

The framework builds on best practices from cybersecurity experts and is continuously updated to address emerging threats. CIS18 gives organisations a structured approach to prioritising their security work and reducing the risk of cyber attacks.

Why We've Added CIS18 to .legal Platform

You've long had the option to use ISO27001 as your IT security standard in the .legal platform. But many organisations prefer working with the CIS framework instead, or in combination with it. On a technical level, CIS18 goes deeper regarding tasks and controls, making it natural to also support it in .legal.

[Image: CIS18 cybersecurity controls protecting against common cyber threats and security incidents]

We've added CIS18 directly to the Framework module and mapped it to both existing and new tasks in the .legal task catalogue. This means if you're already working with other frameworks in the platform, you can log in today and see your progress on CIS18. You can also plan it from scratch if you haven't yet worked with Frameworks in .legal.

How CIS18 Has Been Mapped

We've mapped the 18 CIS18 controls as categories and created the specific safeguards under each category. Safeguards have been mapped to .legal tasks, which function as documentation for individual safeguards and thereby controls.

[Image: CIS18 safeguards mapped to .legal tasks showing framework structure and control categories]

The structure and logic are the same as you already know from Frameworks, but with the CIS18 framework as content.

Implementation Groups, Security Function and Assessment

We've also extended our framework functionality to support some CIS18-specific technical requirements. This includes mapping each Safeguard to its respective implementation group: IG1, IG2 or IG3.

Additionally, you can now add tags to a control in Frameworks, which can be used to register Security Function on each Safeguard.

[Image: CIS18 implementation groups IG1 IG2 IG3 with security function tags and assessment ratings]

Finally, we've expanded our assessment so you can now evaluate a task on a 1-5 scale, and this evaluation contributes to calculating an overall assessment for a control (safeguard).

This way you can work more comprehensively with implementation and operation of CIS18 in your organisation.

Group Management for Your Frameworks

As with all other Frameworks, you can work with group management on your CIS18 Framework. In connection with the implementation, we've also made it easier for you to plan your framework across different group companies – so your overall framework reflects your group structure.

For example, there might be different implementation groups for different countries. You might want .legal DK to only have implementation group 1 controls, but .legal UK should have both implementation groups 1 and 2. This has now become much easier to administer in the planning.

Start Your CIS18 Work Today

CIS18 is already available in .legal. This requires access to our Frameworks and Information & Cybersecurity plans. From there you can begin your work with the controls. You can use CIS18 as your IT and cybersecurity foundation and see how it benefits your work with NIS2, ISO27001, ISAE3402 declaration or something else entirely.

Feedback and comments are always welcome – contact our support team, they look forward to hearing from you.

Frequently Asked Questions About CIS18

What is the CIS18 framework?

CIS18 is an international cybersecurity framework developed by the Center for Internet Security. It consists of 18 concrete security controls that help organisations protect against common cyber threats. The controls cover hardware and software management, data protection, security incident handling, and penetration testing. The framework is continuously updated to address emerging threats and provides a structured approach to prioritising cybersecurity work.

What are CIS18 implementation groups?

CIS18 uses three implementation groups (IG1, IG2, IG3) to categorise safeguards based on organisational maturity and resources. IG1 contains essential controls for all organisations. IG2 adds more sophisticated controls for organisations with moderate resources. IG3 includes advanced controls for organisations with significant cybersecurity resources and expertise. In .legal, you can map each safeguard to its respective implementation group.


How does CIS18 compare to ISO27001?

While both are IT security standards, CIS18 goes deeper on a technical level regarding specific tasks and controls compared to ISO27001. Many organisations use CIS18 as their cybersecurity foundation and integrate it with ISO27001 compliance. The .legal platform allows you to work with both frameworks simultaneously and see how they complement each other.


Can I use CIS18 with other frameworks in .legal?

Yes, CIS18 integrates seamlessly with other frameworks in the .legal platform, including NIS2, ISO27001, ISAE3402, and AI Act. The framework is mapped to both existing and new tasks in the .legal task catalogue, so if you're already working with other frameworks, you can immediately see your progress on CIS18 controls.

How are CIS18 safeguards mapped in .legal?

The 18 CIS18 controls are mapped as categories with specific safeguards created under each category. Each safeguard is mapped to .legal tasks which function as documentation. You can add tags to register Security Function, evaluate tasks on a 1-5 scale, and the platform calculates an overall assessment for each control. The structure follows the same logic as other frameworks in .legal.

What are the 18 CIS controls?

The CIS18 framework includes 18 security controls covering: inventory and control of enterprise assets, software management, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protection, malware defences, data recovery, network infrastructure management, network monitoring, security awareness training, service provider management, application software security, incident response management, and penetration testing.

Do I need special access to use CIS18 in .legal?

Yes, CIS18 requires access to the Frameworks and Information & Cybersecurity plans in the .legal platform. Once you have these plans, you can immediately begin working with CIS18 controls. The framework is already available and ready to use for planning, implementation and ongoing operation of cybersecurity controls.

You also need to buy access to the CIS18 framework directly from the provider.


Can I manage CIS18 across multiple companies?

Yes, .legal supports group management for the CIS18 framework. You can plan your framework across different group companies so your overall framework reflects your organisational structure. For example, you can assign different implementation groups (IG1, IG2, IG3) to different countries or subsidiaries, making it easier to manage varying security requirements across your organisation.


How do I start working with CIS18 in .legal?

Log into your .legal platform and navigate to the Frameworks module. Select CIS18 from the available frameworks and begin mapping your controls. If you're already working with other frameworks, you'll immediately see your existing progress mapped to relevant CIS18 controls. You can plan from scratch or build on existing compliance work.
