
CIS Security Benchmarks

CIS Security Benchmarks are recommended technical settings for operating systems, middleware and software applications, and network devices. Developed through a unique consensus-based process involving hundreds of security professionals worldwide, the Security Benchmarks are free to download in PDF format.

CIS Security Benchmarks are the only consensus-based security configuration guides both developed and accepted by government, business, industry, and academia. They’re used by thousands of organizations around the world as de facto, best-practice configuration standards.

CIS Controls

The CIS Controls are a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyber attacks. The CIS Controls are developed, refined, and validated by a community of leading experts from around the world. Organizations that apply just the first five CIS Controls can reduce their risk of cyber attack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.

The CIS Controls embrace the Pareto 80/20 Principle, the idea that taking just a small portion of all the security actions you could possibly take yields a very large percentage of the benefit of taking all those possible actions.

Top 5 CIS Controls

Control 1: Inventory of Authorized and Unauthorized Devices

Control 2: Inventory of Authorized and Unauthorized Software

Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Control 4: Continuous Vulnerability Assessment and Remediation

Control 5: Controlled Use of Administrative Privileges

Available to CIS Security Benchmarks Members

In the “downloads” section of the Security Benchmarks Member website (registered account information required), members will find:

  • CIS-CAT. CIS’s Configuration Assessment Tool (CIS-CAT) reports a target system’s conformance with the recommended settings in the Security Benchmarks. CIS-CAT is a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
  • CIS Controls
  • Word/Excel versions of the CIS Security Benchmarks
  • Automated remediation kits for implementing and assessing Security Benchmark guidance. These kits allow you to automatically apply the recommended settings for a particular benchmark.


Available Free of Charge

  • 100+ Security Benchmarks in PDF
  • 28 Security Metric Definitions in PDF, which can be used to collect and analyze your organization’s security outcomes and process performance.
  • CIS Controls
  • 14-day trial of CIS-CAT
  • Crosswalk: a mapping of the CIS Security Benchmarks to two leading security guidelines: the CIS Controls and the Australian Signals Directorate's (ASD) Strategies to Mitigate Targeted Cyber Intrusions. This crosswalk provides a comprehensive and prioritized blueprint of CIS Security Benchmarks for organizations to leverage with the corresponding security guidelines.
  • Webcasts