CIS controls are independent and trusted prescriptive, prioritized, and simplified cybersecurity best practices. They translate cyber threat information into action, giving enterprises an executable plan to defend themselves against the most common and important attacks. The CIS Controls are broken down into three Implementation Groups (IGs), containing Safeguards that provide a prioritized path to gradually improve an organization’s cybersecurity posture. An organization can determine what IG they belong to by looking at the sensitivity of the data they need to protect and the resources they can dedicate towards IT and cybersecurity.
Source: https://www.helpnetsecurity.com/2021/05/10/getting-a-grip-on-basic-cyber-hygiene/