CIS Controls™ Companion Guides
Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls V7 was updated from version 6.1.
Download CIS Controls Version 7 Change Log
Assess your risk with CIS RAM
CIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
Download CIS RAM (read FAQs)
Look at measures and metrics
Want to see how well your organization is implementing the CIS Controls?
Download CIS Controls V7 Measures & Metrics
Learn how the CIS Controls map to other regulatory frameworks
If you are implementing the CIS Controls with a regulatory framework, this free tool provides a high-level mapping to NIST, ISO, PCI, HIPAA, etc.
If you're a Small- or Medium-Sized Enterprise (SME), download the SME guide
This guide seeks to empower the owners of small and medium-sized enterprises (SMEs) to help them protect their businesses with a small number of high priority actions based on the CIS Controls - a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.
Download SME Guide
Working in an Industrial Controls System Environment? Download the ICS Guide
On this document, we provide guidance on how to apply the security best practices found in CIS Controls Version 7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
Download ICS Guide