CIS Controls™ Resources

Start by downloading the CIS Controls™

The CIS Controls are a prioritized set of actions developed by a global IT community. They help protect organizations and their data from known cyber attack vectors. This set of best practices is trusted by security leaders in both the private and public sectors and helps defeat over 85% of common attacks.
Download CIS Controls V7 (read FAQs)

Learn how the CIS Controls are developed

In an ever-growing mix of hundreds of potential cybersecurity concerns and even more proposed solutions, CIS applies the Pareto Principle – the concept that for many activities, roughly 80% of the effects come from 20% of the causes – to help prioritize cybersecurity actions.
Download A Prioritized Approach using the Pareto Principle

What's changed?

Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls V7 was updated from version 6.1.
Download CIS Controls Version 7 Change Log

Assess your risk with CIS RAM

The CIS Risk Assessment Method (CIS RAM) is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
Download CIS RAM (read FAQs)

Look at measures and metrics

Want to see how well your organization is implementing the CIS Controls?
Download CIS Controls V7 Measures & Metrics

Interested in seeing how the CIS Controls map to other regulatory frameworks?

If you are implementing the CIS Controls with a regulatory framework, this free tool provides a high-level mapping to NIST, ISO, PCI, HIPAA, etc.
Download CIS Controls V7.1 Mapping to NIST CSF

If you're a Small- or Medium-Sized Enterprise (SME), download the SME guide

This guide seeks to empower owners of small and medium-sized enterprises (SMEs) to protect their businesses with a small number of high-priority actions based on the CIS Controls, a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.
Download SME Guide

Working in an Industrial Control System (ICS) Environment? Download the ICS Guide

In this document, we provide guidance on how to apply the security best practices found in CIS Controls Version 7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
Download ICS Guide

Interested in seeing how others implement the CIS Controls?

Industry professionals and organizations all around the world utilize the CIS Controls to enhance their organization's cybersecurity posture. Check out recent case studies to learn more.
Read CIS Controls Case Studies

CIS Controls Poster

This downloadable poster covers the basic, foundational, and organizational breakdown of the CIS Controls, along with 5 keys for building a cybersecurity program.
Download CIS Controls V7 Poster

Assess Your Implementation of the CIS Controls


To help organizations with their adoption of the CIS Controls, CIS has developed a new web application. This tool makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document.
Access CIS CSAT