Mapping and Compliance

Collaboration Enhances Cybersecurity Compliance

At CIS, we believe in collaboration – by working together, we find real solutions for real cybersecurity threats. Our cybersecurity best practices grow more integrated every day through discussions taking place in our international communities and in the development of CIS SecureSuite Membership resources.

CIS’s cybersecurity best practices and tools can assist organizations who are working towards compliance.

CIS Critical Security Controls (CIS Controls) – Prescriptive, prioritized, and simplified set of cybersecurity best practices. The are the definition of an effective cybersecurity program.

CIS Benchmarks – Consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. There are more than 100 CIS Benchmarks covering 25+ vendor product families. The CIS Benchmarks provide mapping as applicable to the CIS Controls. As we release new and updated content we will map the CIS Benchmark recommendations to the latest version of the CIS Controls at the time of release.

CIS-CAT Pro – Combines the powerful security guidance of the CIS Controls and CIS Benchmarks into an assessment tool. Leveraging the CIS-CAT Pro Assessor and Dashboard components, users can view conformance to best practices and improve compliance scores over time.

CIS Controls Self Assessment Tool (CSAT) – Helps enterprises assess, track, and prioritize their implementation of the CIS Controls. This powerful tool can help organizations improve their cyber defense program regardless of size or resources. CIS CSAT can help enterprises identify where CIS Controls Safeguards are already well-implemented and where there are weak points that could be improved.

Industry Frameworks Recognition

We are in a multi-framework era where organizations large and small, public and private, are tasked with complying with multiple cybersecurity policy, regulatory and legal frameworks . From the organizational policies and workflows laid out in the CIS Controls to the most detailed configuration checks in a CIS Benchmark, our resources are developed to work well as stand-alone resources or as companions to additional frameworks. See how the CIS Controls map to popular industry frameworks with the CIS Controls Navigator.





ISO/IEC 27001


State Legislation Leveraging the CIS Controls

American Industries Association, NAS9933



Conference of State Bank Supervisors

Connecticut HB6607

Idaho Executive Order No. 2017-02




National Governor’s Association


Ohio Data Protection Act


U.S. Department of Transportation


Cybersecurity Resources Referencing CIS’s Best Practices

CIS resources are also referenced in various cybersecurity guides and programs. Below are a few independent cyber defense and resource guides which mention CIS resources:

Additional Resources

CIS Controls Navigator – Interactive Mapping

CIS Controls Companion Guides and Mappings