The [CIS Controls] are a baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense.
Centre for the Protection of National Infrastructure
The CIS Controls are known set of best practices. As a non-profit organization, we are trying to balance what the government and private industry are doing. In rewriting our policies and procedures, we decided to build in the CIS Controls into our standards.
Mitchell Brockbank, Director – IT
Risk and Security Team
Citizens Property Insurance Corporation
The [CIS Controls] identify a minimum level of information security that all organizations that collect or maintain personal information should meet.
Kamala D. Harris, Attorney General
California Department of Justice
California Data Breach Report
I see CIS Controls as being an extremely important tool in assisting organizations to protect their information assets. The [CIS] Controls provide a pragmatic and achievable set of requirements that are shown to reduce the level of information security-related risk.
Tony Krzyzewski, Director
SAM for Compliance Ltd
The CIS Controls definitely fills a gap where other leading frameworks gloss over and that is where we reference them.
Tom Cornelius, Senior Partner
In 2015, I came across the CIS Controls and fell in love with the CIS Controls spreadsheet. We adopted the CIS Controls as our framework going forward.
John Nord, Manager of IT and Business Systems
The CIS Controls helped us set a vision for the state and gave us a framework for the implementation.
Thomas Olmstead, CISO
State of Iowa
I’m a huge fan of the [CIS] Controls…CIS Controls provide a strong story and framework.
Christophe Demoor, CISM
This is where the [CIS Controls] are almost perfect for establishing a security baseline for smaller organizations.
James Jacobs, CEE
Start by taking care of the basics: build a solid cybersecurity foundation by implementing the [CIS Controls], especially application white-listing, standard secure configurations, reduction of administrative privileges, and a quick patching process.
Zurich Insurance Group
Risk Nexus: Overcome by cyber risks?
Economic benefits and costs of alternate cyber futures
CIS Benchmarks are very useful to apply security best practices on our platform and for the secure configuration of our system.
Information System Directorate
We needed to reach a security compliance for one of our clients and using CIS we were able to generate reports to prove our process.
Director of Information Technology
Spring Design Partners, Inc.
New York, USA
Thank you for your efforts to better secure the overall cyber environment.
Security Technical Architect
Asset Management & Business Processing Solution Company
CIS’ collaborative correlation between standards facilitates the time to market our supplied assets covered by the CIS Benchmarks.
Cyber Information Assurance Specialist
Defense Technology Company
Thank you for the services you provide, they are very valuable and appreciated.
Keith Guest, PMP, Computer Specialist
Information Services Division, Enterprise Services Center
A division of the Federal Aviation Administration
Washington D.C., USA
The CIS SecureSuite membership is the most important membership for the compliance reviews of information security available in the market today. It reduces labor cost to develop standards by comparing control effectiveness against CIS Benchmarks.
Senior Manager Information Security & Compliance: Internal IT
International Public Service Information & Communications Technology Agency
We’re very happy with CIS and the work that you guys are doing to help businesses like ours develop and validate our security posture.
Information Security Officer
Payment Solution Company