CIS Controls™ Companion Guides

 

                What's changed?

Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls V7  was updated from version 6.1.
 Download CIS Controls Version 7 Change Log

 

                Assess your risk with CIS RAM

CIS RAM iconCIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
 Download CIS RAM (read FAQs)

 

                Look at measures and metrics

Want to see how well your organization is implementing the CIS Controls?
 Download CIS Controls V7 Measures & Metrics

 

                Learn how the CIS Controls map to other regulatory frameworks

cis-controls-mapping-frameworkIf you are implementing the CIS Controls with a regulatory framework, this free tool provides a high-level mapping to NIST, ISO, PCI, HIPAA, etc.
Download AuditScripts

 

                If you're a Small- or Medium-Sized Enterprise (SME), download the SME guide

This guide seeks to empower the owners of small and medium-sized enterprises (SMEs) to help them protect their businesses with a small number of high priority actions based on the CIS Controls - a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.
 Download SME Guide

 

                Working in an Industrial Controls System Environment? Download the ICS Guide

On this document, we provide guidance on how to apply the security best practices found in CIS Controls Version 7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
 Download ICS Guide

                Looking to secure a cloud environment? Download the CIS Controls Cloud Companion Guide

In this document, we provide guidance on how to apply the security best practices found in CIS Controls Version 7 to any cloud environment from the consumer/customer perspective. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
 Download Cloud Companion Guide

                Looking to secure a mobile device? Download the CIS Controls Mobile Companion Guide

In this document, we provide guidance on how to apply the security best practices found in CIS Controls Version 7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
 Download Mobile Companion Guide Track your progress with a downloadable spreadsheet