Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a nonprofit organization started in 2000 that is dedicated to helping organizations protect against and mitigate cyber threats.
The CIS mission is to ensure secure online experiences across the globe.
CIS encourages best practices across technologies and industries to best safeguard against malicious cyber activities. It brings together a global community of volunteer subject matter experts in a range of cyber security-related disciplines to identify the most appropriate security measures, outline the best ways to implement them, and develop recommendations for future controls, aligning with ongoing changes in the cybersecurity landscape. CIS developed and maintains two resources: CIS Critical Security Controls and CIS Benchmarks. The Benchmarks map to the Controls.
The CIS Controls are a prioritized set of best practices and specific actions for protecting an organization and its data from known cyber-attack vectors. This helps organizations define the best place to start their cyber defenses, direct resources to these priority areas, and focus their efforts on other risks specific to their business goals. CIS Controls map to a variety of frameworks, including NIST CSF, SP 800-53 Rev. 5, and 800-171; HIPAA; PCI DSS; CMMC; COBIT; and FISMA. CIS provides a downloadable CIS Controls Assessment Module and Self-Assessment Tool.
CIS Benchmarks offer a more granular approach to security configuration, with expert guidance for hardening specific operating systems, middleware, software applications and network devices. This promotes cyber resilience for hundreds of configurations across the products of more than 25 vendors, including MS 365, MacOS, AWS, Android, Azure, MongoDB, and Safari. The Benchmarks are recognized as cyber protection industry standards—FedRAMP, PCI, and HIPAA, among others, recommend their use in certain situations.
CIS also houses the Multi-State Information Sharing and Analysis Center
and the Elections Infrastructure Information Sharing and Analysis Center.
These are ideal resources for Local, Tribal, and Territorial government agencies.
Speak With a CISO Global Security Specialist Today
Our experts maintain the most respected credentials in
the industry across cybersecurity, risk and compliance,
forensics, incident response, ethical hacking, security engineering, and more.