The Critical Security Controls for Effective Cyber Defense has been updated to version 6.1. This new version has a new two-level categorization scheme to show which sub-Controls are considered “Foundational" and which are “Advanced.” This framework of controls works hand in hand with the NIST Framework for Improving Critical Infrastructure Cybersecurity. You can download the controls and support documents at https://www.cisecurity.org/critical-controls/Library.cfm.
Actual attacks are used to determine critical controls to prevent such attacks. If you want to protect your systems, these controls are a must. The controls map directly to NIST SP 800-53 to support users who implement NIST Risk Management Framework (RMF). I recommend using this framework as a guide for protecting systems and ensuring proper control coverage for systems.