CIS Controls™ Companion Guides


                What's changed?

Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls V7  was updated from version 6.1.
 Download CIS Controls Version 7 Change Log


                Assess your risk with CIS RAM

CIS RAM iconCIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
 Download CIS RAM (read FAQs)


                Look at measures and metrics

Want to see how well your organization is implementing the CIS Controls?
 Download CIS Controls V7 Measures & Metrics


                Learn how the CIS Controls map to other regulatory frameworks

cis-controls-mapping-frameworkIf you are implementing the CIS Controls with a regulatory framework, this free tool provides a high-level mapping to NIST, ISO, PCI, HIPAA, etc.
Download AuditScripts


                If you're a Small- or Medium-Sized Enterprise (SME), download the SME guide

This guide seeks to empower the owners of small and medium-sized enterprises (SMEs) to help them protect their businesses with a small number of high priority actions based on the CIS Controls - a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.
 Download SME Guide


                Working in an Industrial Controls System Environment? Download the ICS Guide

On this document, we provide guidance on how to apply the security best practices found in CIS Controls Version 7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
 Download ICS Guide