CIS Controls Self Assessment Tool (CIS CSAT)

The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices. They are used and developed by thousands of cybersecurity experts worldwide and are mapped to many other security frameworks. The CIS Controls Self Assessment Tool (CIS CSAT) helps organizations with adoption of the CIS Controls. This tool makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document progress.

CIS CSAT Features

CIS CSAT enables security teams to track and prioritize their implementation of the CIS Controls. For each CIS Control and CIS Sub-Control (also known as a safeguard), CIS CSAT helps an organization track its documentation, implementation, automation, and reporting.

Use CIS CSAT to:

  • Collaborate across teams and assign user roles
  • Choose which specific Sub-Controls to include
  • Upload documentation as supporting evidence
  • Track assessment over time
  • Monitor alignment to other security frameworks
  • Anonymously compare results to an industry average or other peer groups

There are two versions of CIS CSAT: a CIS-hosted version and an on-premises version for CIS SecureSuite Members called CIS CSAT Pro.

CIS CSAT

The CIS-hosted version of CIS CSAT is free to every organization for use in a non-commercial capacity to conduct CIS Controls assessments of their organization.

Access CIS CSAT

CIS CSAT Pro

The on-premises version of CIS CSAT is available exclusively for CIS SecureSuite® Members. This version offers additional features and benefits:

  • Save time by using a simplified scoring method with a reduced number of questions
  • Decide whether to opt in to share data and see how scores compare to industry average
  • Greater flexibility with organization trees for tracking organizations, sub-organizations, and assessments
  • Assign users to different roles for different organizations/sub-organizations as well as greater separation of administrative and non-administrative roles
  • Track multiple concurrent assessments in the same organization
Learn About CIS SecureSuite Membership
Already a Member? Download CIS CSAT Pro now

Security for Every Organization

This powerful tool can help organizations improve their cyber defense program, regardless of size or resources. CIS CSAT can help organizations identify where their CIS Controls safeguards are already well-implemented and where there are weak points that could be improved. This can be useful information as organizations decide where to devote their limited cybersecurity resources.

For more information, visit the CIS CSAT FAQ.