have a question,

is it possible for a router to be infected by virus,if so how could cis protect us from this kinds of problems?

Absolutely, a router’s firmware can be used compromise the DNS settings among other things. One example would be Psyb0t which was used to create botnets. Another example would be Sality using RBrute to change your primary DNS server. Saility can act either as a DNS or a HTTP proxy server to deliver fake content. Most routers are set to automatically trickle down network settings to any machine on a network that connects to them through the use of DHCP. Resetting your router back to factory would eliminate this if your router was infected with any DNS Changer malware.

If such malware was trusted or even ran totally virtualized I’m unsure if CIS could protect a router. It’s a good question. Overall the chances of getting infected this way are very slim from what I understand.