Implement the world's most widely adopted cybersecurity framework. CIS Controls gap assessments, IG1 through IG3 implementation, and documentation for Texas SB 2610 safe harbor and cyber insurance.
CIS Controls are organized into Implementation Groups so you can prioritize based on your organization's size, resources, and risk profile.
Small businesses with limited IT resources
The minimum standard of information security for all enterprises. IG1 covers the most critical controls that every organization — regardless of size — must implement to defend against common attacks.
Mid-size organizations with dedicated IT staff
Builds on IG1 with additional controls for organizations that store or process sensitive client or company information. IG2 addresses more sophisticated attack techniques and requires dedicated security resources.
Large enterprises facing advanced threats
The full CIS Controls implementation for organizations with significant security teams and resources. IG3 addresses advanced persistent threats and nation-state level attacks.
Segler.Net assesses and implements all 18 CIS Controls across all three Implementation Groups.
Actively manage all hardware assets connected to your infrastructure.
Actively manage all software on the network to prevent unauthorized software from running.
Develop processes and technical controls to identify, classify, and protect sensitive data.
Establish and maintain secure configurations for hardware and software.
Use processes and tools to assign and manage authorization to credentials for user accounts.
Use processes and tools to create, assign, manage, and revoke access credentials.
Continuously acquire, assess, and take action on new information to identify vulnerabilities.
Collect, alert, review, and retain audit logs to detect and recover from attacks.
Improve protections and detections of threats from email and web vectors.
Prevent or control the installation, spread, and execution of malicious applications.
Establish and maintain data recovery practices to restore in-scope assets to a pre-incident state.
Establish and maintain the security of network infrastructure.
Operate processes and tooling to establish and maintain comprehensive network monitoring.
Establish and maintain a security awareness program to influence behavior.
Develop a process to evaluate service providers who hold sensitive data.
Manage the security life cycle of in-house developed, hosted, or acquired software.
Establish a program to develop and maintain an incident response capability.
Test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses.
Texas SB 2610 protects businesses from punitive damages in data breach lawsuits — but only if you've implemented a recognized cybersecurity framework. CIS Controls is explicitly listed as a qualifying framework.
Segler.Net documents your CIS Controls implementation specifically for SB 2610 safe harbor purposes — giving you legal protection and a defensible security posture in the event of a breach.
Learn About SB 2610 Safe HarborShield your business from punitive damages in breach lawsuits by documenting CIS Controls compliance.
Segler.Net produces the documentation needed to assert safe harbor protection in court.
SB 2610 safe harbor is specifically designed for Texas businesses with fewer than 250 employees.
The law is already in effect. Start your CIS Controls implementation now to qualify.
Straight answers to what Texas businesses ask most about CIS Controls compliance.
Have a CIS Controls question specific to your business?
Our San Antonio security experts help Texas businesses implement CIS Controls every day — no obligation to ask.
Get a free CIS Controls gap assessment. We'll score your current posture against all 18 controls and give you a prioritized IG1 implementation roadmap.