Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a nonprofit organization started in 2000 that is dedicated to helping organizations protect against and mitigate cyber threats.
The CIS mission is to ensure secure online experiences across the globe.
CIS encourages best practices across technologies and industries to safeguard against malicious cyber activities. It brings together a global community of volunteer subject matter experts in a range of cybersecurity-related disciplines to identify the most appropriate security measures, outline the best ways to implement them, and develop recommendations for future controls, aligning with ongoing changes in the cybersecurity landscape. CIS developed and maintains two resources: CIS Critical Security Controls and CIS Benchmarks. The Benchmarks map to the Controls.
The CIS Controls are a prioritized set of best practices and specific actions for protecting an organization and its data from known cyber-attack vectors. This helps organizations define the best place to start their cyber defenses, direct resources to these priority areas, and focus their efforts on other risks specific to their business goals. CIS Controls map to a variety of frameworks, including NIST CSF, SP 800-53 Rev. 5, and 800-171; HIPAA; PCI DSS; CMMC; COBIT; and FISMA. CIS provides a downloadable CIS Controls Assessment Module and Self-Assessment Tool.
CIS Benchmarks offer a more granular approach to security configuration, with expert guidance for hardening specific operating systems, middleware, software applications and network devices. This promotes cyber resilience for hundreds of configurations across the products of more than 25 vendors, including MS 365, macOS, AWS, Android, Azure, MongoDB, and Safari. The Benchmarks are recognized as cyber protection industry standards; FedRAMP, PCI, and HIPAA, among others, recommend their use in certain situations.
CIS Critical Security Controls Version 8 (released in 2021) consists of 153 total safeguards grouped into 18 categories that CIS subject matter experts agreed could stop most current cyber attacks and provide the framework for automation and systems management for future cyber defense:
- Inventory and Control of Enterprise Assets
- Inventory and Control of Software Assets
- Data Protection
- Secure Configuration of Enterprise Assets and Software
- Account Management
- Access Control Management
- Continuous Vulnerability Management
- Audit Log Management
- Email and Web Browser Protections
- Malware Defenses
- Data Recovery
- Network Infrastructure Management
- Network Monitoring and Defense
- Security Awareness and Skills Training
- Service Provider Management
- Application Software Security
- Incident Response Management
- Penetration Testing
CIS also houses the Multi-State Information Sharing and Analysis Center and the Elections Infrastructure Information Sharing and Analysis Center.
These are ideal resources for Local, Tribal, and Territorial government agencies.