CIS Controls Self Assessment Tool (CIS CSAT)

The CIS Controls® Self Assessment Tool, also known as CIS CSAT, enables organizations to assess and track their implementation of the CIS Critical Security Controls for Versions 8 and 7.1. The CIS Controls are a prioritized set of consensus-developed security best practices used by organizations around the world to defend against cyber threats.

CIS CSAT Features

CIS CSAT enables security teams to track and prioritize their implementation of the CIS Controls. For each CIS Control and CIS Safeguard, CIS CSAT helps an organization track its documentation, implementation, automation, and reporting.

Use CIS CSAT to:

  • Collaborate across teams and assign user roles
  • Choose which specific Safeguards to include in your assessments
  • Upload documentation as supporting evidence
  • Track assessments over time and view graphs of your progress
  • Monitor alignment to other security frameworks with CIS Controls mappings to frameworks including NIST CSF and NIST SP 800-53
  • Anonymously compare results to industry averages
  • Coming soon: estimate an enterprise’s likelihood of being affected by a ransomware attack with the Ransomware Business Impact Analysis tool, created in partnership with Foresight Resilience Strategies (4RS)

There are two versions of CIS CSAT: a CIS-hosted version and an on-premises version for CIS SecureSuite Members called CIS CSAT Pro.


The CIS-hosted version of CIS CSAT is free to every organization for use in a non-commercial capacity to conduct CIS Controls assessments of their organization.



The on-premises version of CIS CSAT is available exclusively for CIS SecureSuite Members. This version offers additional features and benefits:

  • Save time by using a simplified scoring method with a reduced number of questions
  • Decide whether to opt in to share data and see how scores compare to the industry average
  • Greater flexibility with organization trees for tracking organizations, sub-organizations, and assessments
  • Assign users to different roles for different organizations/sub-organizations as well as greater separation of administrative and non-administrative roles
  • Track multiple concurrent assessments in the same organization
  • Easily access your tasks, assessments, and organizations from a consolidated home page
  • Includes CIS Controls Safeguard mappings to NIST CSF, NIST SP 800-53, and PCI

Security for Every Organization

This powerful tool can help organizations improve their cyber defense program, regardless of size or resources. CIS CSAT can help organizations identify where CIS Controls Safeguards are already well-implemented and where there are weak points that could be improved. This can be useful information as organizations decide where to devote their limited cybersecurity resources.

For more information, visit the CIS CSAT FAQ.