CIS RAM (Risk Assessment Method)

Published on February 4, 2022

CIS RAM (Center for Internet Security Risk Assessment Method) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices.

This download will have a family of documents available as they are released.

Available Now:

  • CIS RAM Core v2.1
  • CIS RAM for Implementation Group 1 (IG1) v2.1 and Companion Workbook
  • CIS RAM for Implementation Group 2 (IG2) v2.1 and Companion Workbook
  • CIS RAM for Implementation Group 3 (IG3) v2.1 & Companion Workbook

Coming Soon:

 

CIS RAM

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.