Mapping and Compliance

Collaboration Enhances Cybersecurity Compliance

At CIS, we believe in collaboration - by working together, we find real solutions for real cybersecurity threats. Our cybersecurity best practices grow more integrated every day through discussions taking place in our international communities and in the development of CIS SecureSuite Membership resources.

CIS’s cybersecurity best practices and tools can assist organizations who are working towards compliance.

CIS Critical Security Controls (CIS Controls) – Prescriptive, prioritized, and simplified set of cybersecurity best practices. The are the definition of an effective cybersecurity program.

CIS Benchmarks – Consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. There are more than 100 CIS Benchmarks covering 25+ vendor product families. The CIS Benchmarks provide mapping as applicable to the CIS Controls. As we release new and updated content we will map the CIS Benchmark recommendations to the latest version of the CIS Controls at the time of release.

CIS-CAT Pro – Combines the powerful security guidance of the CIS Controls and CIS Benchmarks into an assessment tool. Leveraging the CIS-CAT Pro Assessor and Dashboard components, users can view conformance to best practices and improve compliance scores over time.

Industry Frameworks Recognition

We are in a multi-framework era where organizations large and small, public and private, are tasked with complying with multiple cybersecurity policy, regulatory and legal frameworks . From the organizational policies and workflows laid out in the CIS Controls to the most detailed configuration checks in a CIS Benchmark, our resources are developed to work well as stand-alone resources or as companions to additional frameworks. See how the CIS Controls map to popular industry frameworks with the CIS Controls Navigator.





ISO/IEC 27001

State Legislation Leveraging the CIS Controls

Ohio Data Protection Act

California 2016 Data Breach Report

Nevada S.B. 302

Idaho Executive Order No. 2017-02

National Governor’s Association

Connecticut HB6607

Cybersecurity Resources Referencing CIS’s Best Practices

CIS resources are also referenced in various cybersecurity guides and programs. Below are a few independent cyber defense and resource guides which mention CIS resources:

Additional Resources

CIS Controls Navigator - Interactive Mapping

CIS Controls Companion Guides and Mappings