Research on critical information infrastructure protection is currently increasing. This research complements existing security standards and becomes an alternative to the latest technical controls. Based on previous research, research on CII security did not meet four of seven security functions. Therefore, it is also necessary to know whether the security parameters already refer to the security function for each threat and vulnerability. This research is a systematic literature review of scientific articles in CII protection based on the security functions needed to control threats and vulnerabilities. The Kitchenham SLR method was used to search the literature, and 28 publications were obtained. As a result, the research found six threats and four vulnerabilities in critical information infrastructure and all security functions available for All threat and vulnerability groups. The study results also found the threat of Destruction of Information which in theory should exist, but the security controls have never been identified.