Compliance evidence
CIS Controls — domain & certificate controls
Organizations adopting a prioritized set of security best practices — often a stepping stone to formal compliance.
Authority: Center for Internet Security (CIS)
What CIS Controls actually requires
CIS Controls v8 lists 18 critical security controls, each with implementation groups (IG1, IG2, IG3). Certificate management appears in Controls 3 (Data Protection) and 13 (Network Monitoring and Defense).
Full name: CIS Critical Security Controls v8.
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
3.10 | Encrypt Sensitive Data in Transit | Valid, trusted TLS certificates are the baseline implementation. |
3.11 | Encrypt Sensitive Data at Rest | Related: certificate-adjacent keys require similar lifecycle tracking. |
13.1 | Centralize Security Event Alerting | Certificate-expiry alerts should feed the central SIEM. |
What the evidence pack contains
CertRadar’s one-click export for CIS Controls includes:
- Prioritized certificate inventory (IG1/2/3 classification)
- Alert routing evidence
- Implementation-group mapping
Example domains in CIS Controls scope
Representative domains often monitored for CIS Controls evidence. Check any of them live:
Ship the CIS Controls evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to CIS Controls controls. Beta in weeks. Early members get a lifetime Pro discount.
Join the waitlist