Secure Configuration Benchmarks

The CIS Security Benchmarks program provides well-defined, un-biased and consensus-based industry best practices to help organizations assess and improve their security. Resources include secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications.

The Security Benchmarks program is recognized as a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. Because of the reputation, our resources are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for FISMA, PCI, HIPAA and other security requirements.


The mission of the program is to establish and promote the use of consensus-based best practice standards to raise the level of security and privacy in Internet-connected systems, and to ensure the integrity of the public and private Internet-based functions and transactions on which society increasingly depends.

The Security Benchmarks program achieves its mission through a collaborative effort among:

  • Consensus Community: The community comprises IT security subject matter experts who volunteer their knowledge and experience to develop best practice guidance for the global Internet community.
  • Security Benchmarks Members: Membership includes companies of all sizes, government agencies, colleges and universities, nonprofits, IT auditors and consultants, security software vendors and other organizations.

The tremendous commitment to excellence and collaboration through which our consensus community and members operate is instrumental in our collective success.

Get A Free CIS-CAT 14 Day Trial

Provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes. Try Now.

Use Our Secure Configuration Benchmarks

Describe consensus best practices for the secure configuration of target systems and are developed via extensive collaboration with our volunteer consensus community. Configuring IT systems in compliance CIS Benchmarks has been shown to eliminate 80-95% of known security vulnerabilities. The CIS Benchmarks are globally used and accepted as the de facto user-originated standard for IT security technical controls and are freely available for download in PDF format. Download Now.