Mapping and Compliance

At CIS, we believe in collaboration - that by working together, we can find real solutions for real threats. The CIS Controls and CIS Benchmarks grow more integrated every day through discussions taking place in our international communities and the development of CIS SecureSuite Membership resources. CIS Controls annotations have been completed for the following CIS Benchmarks:

  • Microsoft Windows Server 2008, 2012, 2012 R2, & 2016
  • Microsoft Windows 10
  • Microsoft Windows 7 Workstation
  • Red Hat Enterprise Linux 6 & 7
  • CentOS Linux 6 & 7

Organizations often use multiple frameworks to guide their cybersecurity strategy. From the organizational policies and workflows laid out in the CIS Controls to the most detailed configuration checks in a CIS Benchmark, our resources are developed to work well as stand-alone resources or as companions to additional frameworks:

  • Mappings of Regulatory Frameworks to CIS Controls
  • CIS Controls Poster

"Where we get the biggest bang for our buck is in the CIS Controls. They help us to prioritize the other compliance frameworks."
- Security Analyst

Case study: Worldwide Outdoor Retailer Uses the CIS Controls as Primary Framework

PCI DSS

Some of the world's biggest retailers use the CIS SecureSuite resources to help meet Payment Card Industry Data Security Standard (PCI DSS) requirements. PCI DSS Requirement 2 points directly to the CIS Benchmarks:

2.2.a. Examine the organization’s system configuration standards for all types of system components and verify the system configuration standards are consistent with industry accepted hardening standards—for example, SysAdmin Audit Network Security (SANS), National Institute of Standards and Technology (NIST), and the Center for Internet Security (CIS).

The CIS Benchmarks and CIS Controls can help with multiple aspects of PCI DSS compliance, including:

  • 1.1 Firewall and Router Configurations
  • 6.1 Patch Management
  • 7.1 Access Control
  • 6.4 Change Control

FISMA

The National Checklist Program Repository recommends the CIS Benchmarks to federal agencies and other organizations trying to meet Federal Information Security Modernization Act (FISMA) compliance. CIS-CAT Pro, our automated configuration assessment tool, has been validated by the NIST Security Content Automation Protocol (SCAP) to audit systems subject to FISMA requirements in the following categories:

  • FDCC Scanner
  • Authenticated Configuration Scanner

See our SCAP validation.

Additional security standards

Because the CIS Controls and CIS Benchmarks provide guidance addressing major cybersecurity needs such as asset classification, authentication methods and privileges, event logging, and encryption, they are also frequently used by organizations seeking compliance with:

  • ISO / IEC 27002
  • HIPAA
  • ITIL

What People are Saying:

“We’re very happy with CIS and the work that you guys are doing to help businesses like ours develop and validate our security posture.”

- Information Security Officer
Payment Solution Company