CIS Controls Self Assessment Tool (CIS CSAT)

Track and prioritize your implementation of the CIS Controls

The CIS Critical Security Controls® (CIS Controls®) are a prioritized set of consensus-developed security best practices used by enterprises around the world to defend against cyber threats.

The CIS Controls Self Assessment Tool (CIS CSAT) helps enterprises assess, track, and prioritize their implementation of CIS Controls v7.1 and v8.

This powerful tool can help organizations improve their cyber defense program regardless of size or resources. CIS CSAT can help enterprises identify where CIS Controls Safeguards are already well-implemented and where there are weak points that could be improved. This can be useful information as enterprises decide where to devote their limited cybersecurity resources.

Download the CIS Controls


With CIS CSAT you can…

Automate CIS Controls assessments

Stop tracking your implementation of the CIS Controls using spreadsheets. Save yourself time and effort by automating the CIS Controls assessment process.


Collaborate across teams and assign user roles

Enable everyone to play their part in supporting your enterprise's implementation of the CIS Controls.


Monitor alignment to other security frameworks

View your alignment with security frameworks including NIST CSF, PCI DSS, and NIST SP 800-53 using CIS Controls mappings.


Upload documentation as supporting evidence

Assess your implementation efforts at the CIS Safeguard level, choose which Safeguards to include in your assessments, and use these assessments to enable auditing and evidence collection.


Start tracking your implementation of the CIS Controls today!

Get access to CIS CSAT Pro through CIS SecureSuite Membership to start tracking your implementation.

Apply For Membership

CIS CSAT Overview

With CIS CSAT you can…

Automate CIS Controls assessments

Stop tracking your implementation of the CIS Controls using spreadsheets. Save yourself time and effort by automating the CIS Controls assessment process.


Collaborate across teams and assign user roles

Enable everyone to play their part in supporting your enterprise's implementation of the CIS Controls.


Monitor alignment to other security frameworks

View your alignment with security frameworks including NIST CSF, PCI DSS, and NIST SP 800-53 using CIS Controls mappings.


Upload documentation as supporting evidence

Assess your implementation efforts at the CIS Safeguard level, choose which Safeguards to include in your assessments, and use these assessments to enable auditing and evidence collection.


Start tracking your implementation of the CIS Controls today!

Get access to CIS CSAT Pro through CIS SecureSuite Membership to start tracking your implementation.

Apply For Membership

Features

There are two versions of CIS CSAT: Pro and Hosted. We have also released a CIS CSAT Ransomware Business Impact Analysis tool.


CIS CSAT Pro

CIS CSAT Pro is the on-premises version of the tool and is available exclusively to CIS SecureSuite Members. It offers a wide range of features and benefits:

  • Greater control over your data – Decide whether to keep your data in-house, or opt in to anonymously share and see how your scores compare to the industry average.
  • Greater flexibility with organization trees for managing organizations, sub-organizations, and assessments.
  • Greater control over user roles – Assign users to different roles for different organizations/sub-organizations, as well as separate administrative and non-administrative roles.
  • Track multiple concurrent assessments in the same organization.
  • Easily access your tasks, assessments, and organizations from a consolidated home page.
  • Save time by using a simplified scoring method with a reduced number of questions.

CIS-Hosted CSAT

CIS-hosted CSAT is a web-based portal version of CSAT hosted by CIS. It is free to every organization for use in a non-commercial capacity to conduct an assessment of their organization's own implementation of the CIS Controls.

Register Now

Start tracking your implementation of the CIS Controls today!

Get access to CIS CSAT Pro through CIS SecureSuite Membership to start tracking your implementation.

Apply For Membership

Shield

Now Available!
CIS CSAT Ransomware Business Impact Analysis Tool

Organizations can evaluate their likelihood of experiencing a ransomware attack and its potential impacts by using the CIS CSAT Ransomware Business Impact Analysis (BIA) tool. This utility has been created by CIS in partnership with Foresight Resilience Strategies (4RS). The BIA tool applies scores for ransomware-related Safeguards to estimate an enterprise’s likelihood of being affected by a ransomware attack; those who have already started an assessment using CIS-Hosted CSAT can import the scores from that assessment. Get started assessing your ransomware risks today!

Support Articles

Here are some "How-To" articles and other resources to help you maximize your use of CIS CSAT.

Review Now

Blogs

Learn more about CIS CSAT and the CIS Critical Security Controls.

View all blog posts

FAQs

We've answered some common questions about CIS CSAT Pro and CIS-hosted CSAT.

Read On

CIS-CSAT

Already a CIS SecureSuite Member?

Begin automating your assessment of the CIS Controls.

Download CIS CSAT Pro

Ready to Try CIS CSAT?

Sign up today

Questions?

Still have questions or need more information? You can contact us directly.

Get in Touch