This paper presents the main steps to start implementing CIS CONTROLS for any system or organization, both private and public sector. The key stages are considered, the observance of which will contribute to the increase of the level of cybersecurity of information systems, reduction of the risks of cyberattacks and their consequences, and effective use of CIS Controls to protect information systems.