Secure Configuration Benchmarks

The CIS Security Benchmarks program provides well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security. Resources include secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications.

The Security Benchmarks program is recognized as a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. Because of this reputation, our resources are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for FISMA, PCI, HIPAA and other security requirements.

Mission


The mission of the program is to establish and promote the use of consensus-based best practice standards to raise the level of security and privacy in Internet-connected systems, and to ensure the integrity of the public and private Internet-based functions and transactions on which society increasingly depends.

The Security Benchmarks program achieves its mission through a collaborative effort among:

  • Consensus Community: The community comprises IT security subject matter experts who volunteer their knowledge and experience to develop best practice guidance for the global Internet community.
  • Security Benchmarks Members: Membership includes companies of all sizes, government agencies, colleges and universities, nonprofits, IT auditors and consultants, security software vendors and other organizations.

The tremendous commitment to excellence and collaboration through which our consensus community and members operate is instrumental in our collective success.

Get A Free CIS-CAT 14 Day Trial


CIS-CAT provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes. Try Now.

Use Our Secure Configuration Benchmarks


The CIS Benchmarks describe consensus best practices for the secure configuration of target systems and are developed via extensive collaboration with our volunteer consensus community. Configuring IT systems in compliance with CIS Benchmarks has been shown to eliminate 80-95% of known security vulnerabilities. The CIS Benchmarks are globally used and accepted as the de facto user-originated standard for IT security technical controls and are freely available for download in PDF format. Download Now.

Implement The Critical Controls


The Council's Technology practice area is built upon the Critical Security Controls (the Controls), a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The Controls have been developed and maintained by an international, grass-roots consortium which includes a broad range of companies, government agencies, institutions, and individuals from every part of the ecosystem (threat responders and analysts, security technologists, vulnerability-finders, tool builders, solution providers, front-line defenders, users, consultants, policy-makers, executives, academia, auditors, etc.) who have banded together to create, adopt and support the Controls.