The Center for Internet Security (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data.

  • CIS benchmarks are consensus-based best practices.
  • CIS Benchmarks are documented standards and best practices for securely configuring a system. Each piece of guidance references one or more CIS Controls, which were built to help businesses improve their cybersecurity. CIS Controls map to many established standards and regulatory frameworks, including the NIST Cybersecurity Framework (CSF) and NIST SP 800-53, the ISO 27000 series of standards, PCI DSS, HIPAA, and others.
  • There are more than 100 CIS Benchmarks covering 14+ technology groups.
  • Each benchmark goes through two phases of consensus review. The first occurs during early development, when experts convene to discuss, create, and test working drafts until they reach a consensus on the benchmark. During the second phase, after the benchmark has been published, the consensus team reviews feedback from the internet community for incorporation into the benchmark.
  • CIS Benchmarks provide two levels of security settings:
      • Level 1 recommends essential, basic security requirements that can be configured on any system and should cause little or no service disruption or reduced functionality.
      • Level 2 recommends security settings for environments requiring greater security that could result in some decreased functionality.

  • The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices and defensive actions that support compliance in a multi-framework era. Organizations worldwide use them for specific guidance and a clear pathway to achieving the goals and objectives described by multiple legal, regulatory, and policy frameworks.
  • The CIS Controls are organized into Implementation Groups (IGs). By dividing the CIS Controls into groups, IGs make it simpler to apply them across numerous frameworks. Implementing all of the CIS Controls is the definition of an effective cybersecurity program. Adequately implementing IG1 represents basic cyber hygiene for any organization.
  • CIS Controls v8 has 18 Controls containing 153 Safeguards, which were previously known as Sub-Controls. Safeguards are still prioritized by Implementation Groups (IGs), with IG1 defining basic cyber hygiene. Our team will help you achieve the best cyber hygiene.

  • CIS RAM (Center for Internet Security® Risk Assessment Method) is an information security risk assessment method that helps organizations implement and assess their security against the CIS Controls® cybersecurity best practices. CIS RAM provides examples, instructions, exercises, and templates for conducting a cyber risk assessment.
  • “The CIS RAM is a powerful tool to guide the prioritization and implementation of the CIS Controls and complements their technical credibility with a sound business risk-decision process,” said Tony Sager, Senior Vice President and Chief Evangelist at CIS. “We see the CIS RAM as a method that organizations of all maturity levels can use.”
  • CIS RAM provides three different methods to support different levels of organizational capability.
      • Beginner to Risk Analysis? Use CIS RAM’s instructions for modeling foreseeable threats against the CIS Controls as they apply in your organization.
      • Cybersecurity Professional? Follow the instructions for modeling threats against information assets to determine how the CIS Controls should be configured to protect them.
      • Expert in Cyber Risk? Use CIS RAM’s instructions to investigate risks based on “attack paths” using CIS’s Community Attack Model.

  • The CIS Controls Self-Assessment Tool (CIS-CSAT) is a free tool for security managers to track and prioritize their implementation of the CIS Controls.
  • CIS-CSAT helps organizations improve their security posture, regardless of size or resources.
  • It’s a solid place to begin understanding and implementing the CIS Controls, with multiple reporting formats, cross-mappings, and collaboration functionality.

  • The CIS Controls Assessment Module is used to scan endpoints against CIS Controls Implementation Group 1.
  • Organizations around the world use CIS-CAT as a configuration assessment tool and dashboard to improve their security posture.
  • CIS-CAT Pro Assessor rapidly compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100.
  • A companion component of CIS-CAT Pro Assessor is CIS-CAT Pro Dashboard, which lets users view system compliance with the CIS Benchmarks over time with dynamic reporting features.

  • CIS offers virtual images hardened in accordance with the CIS Benchmarks. CIS Hardened Images provide users with a secure, on-demand, and scalable computing environment.
  • They are available from major cloud computing platforms such as AWS, Azure, Oracle Cloud, and Google Cloud Platform.
  • A virtual image is a snapshot of a virtual machine (VM) used to create a running instance in a virtual environment, providing the same functionality as a physical computer.
  • Virtual images reside in the cloud and let you cost-effectively perform routine computing operations without investing in local hardware and software.
  • Hardening is the process of limiting potential weaknesses that make systems vulnerable to cyber attacks. More secure than a standard image, hardened virtual images reduce system vulnerabilities to help guard against unauthorized data access, denial of service, and other cyber threats.