Implementation Group 1 (IG1) - Essential Cyber Hygiene

Implementation Group 1 (IG1) in the CIS Critical Security Controls v8 defines a core set of essential cyber-hygiene practices aimed at organizations with limited resources or lower risk profiles. It selects the most fundamental controls-such as inventory, secure configurations, access management, and basic malware defenses-to establish a baseline level of protection against common threats. IG1 is intended to be achievable for small-to-medium enterprises and serves as a starting point for broader security programs.