Center for Internet Security (CIS) foundational controls and benchmarks are a collection of best practices for securely configuring IT systems, software, networks, and cloud infrastructure that are most vulnerable to cyber-attacks. They are developed and continuously verified by consensus-based guides curated by security practitioners to combat evolving cybersecurity challenges.
Why Does CIS Controls and Benchmarks Matter?
The CIS Controls have been adopted by thousands of global enterprises, large and small, and are supported by numerous security solution vendors, integrators, and consultants. CIS Controls are a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated. The CIS Controls are referenced by the U.S. Government in the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a recommended implementation approach for the Framework.
CIS Benchmarks are best practices for the secure configuration of a target system. Available for 100+ CIS Benchmarks covering more than 14 technology groups, CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts around the world. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by the government, business, industry, and academia.
CIS SecureSuite Members benefit from advanced tools and resources that help speed the adoption of security best practices from policy to implementation. A CIS SecureSuite Membership for service providers allows organizations with consulting engagements to use the membership resources (including CIS Benchmarks, CIS-CAT Pro, Build Kits, and the CIS Controls) to help audit and secure client systems.
Our deliverables include but not limited to:
CIS Controls Assessment Report
Customized Policies and Procedures
Automated Forms and Process Implementation
Vendor Compliance and Review
Key CIS Offerings:
Quickly establish the protections providing the highest payoff to your organization. CIS controls to guide you through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
Proven guidelines will enable you to safeguard operating systems, software, and networks that are most vulnerable to cyber-attacks. They are continuously verified by a volunteer cybersecurity community to combat evolving cybersecurity challenges.
Cloud Providers Benchmark
CIS cloud providers benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by the government, business, industry, and academia.
CIS Hardened Images
CIS offers virtual images hardened in accordance with the CIS Benchmarks, a set of vendor-agnostic, internationally recognized secure configuration guidelines. CIS Hardened Images provide users a secure, on-demand, and scalable computing environment. They are available from major cloud computing platforms like AWS, Azure, Google Cloud Platform, and Oracle Cloud.
Full text is located at 45 CFR Part 160 and Subparts A and C of Part 164.