
CIS Controls™

CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls.
Download CIS RAM

Already downloaded the CIS Controls?

We have several resources to help you implement:

7 Key Principles

When designing the latest version of the CIS Controls, our community relied on 7 key principles to guide the development process.

  1. Improve the consistency and simplify the wording of each sub-control
  2. Implement "one ask" per sub-control
  3. Bring more focus on authentication, encryption, and application whitelisting
  4. Account for improvements in security technology and emerging security problems
  5. Better align with other frameworks (such as the NIST CSF)
  6. Support the development of related products (e.g. measurements/metrics, implementation guides)
  7. Identify types of CIS controls (basic, foundational, and organizational)

Read more about what's new in V7.