CIS RAM (Risk Assessment Method)
Published on December 5, 2025
The Center for Internet Security Risk Assessment Method) (CIS RAM) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices.
The latest family of documents for CIS RAM v2.2 for v8.1 are available now. This download will have a family of documents available as they are released.
Family of Documents:
- CIS RAM Core v2.2
- CIS RAM for Implementation Group 1 (IG1) v2.2 and Companion Workbook
- CIS RAM for Implementation Group 2 (IG2) v2.2 and Companion Workbook
- CIS RAM for Implementation Group 3 (IG3) v2.2 & Companion Workbook
- CIS RAM and the VERIS Community Database
Looking for a Previous Version? CIS RAM for Controls v8 and v7.1 are available for download.
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.
