CIS Security Benchmarks
CIS Security Benchmarks are recommended technical settings for operating systems, middleware and software applications, and network devices. Developed through a unique consensus-based process involving hundreds of security professionals worldwide, the Security Benchmarks are free to download in PDF format.
CIS Security Benchmarks are the only consensus-based security configuration guides both developed and accepted by government, business, industry, and academia. They’re used by thousands of organizations around the world as de facto, best-practice configuration standards.
The CIS Controls are a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyber attacks. The CIS Controls are developed, refined, and validated by a community of leading experts from around the world. Organizations that apply just the first five CIS Controls can reduce their risk of cyber attack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.
The CIS Controls embrace the Pareto 80/20 Principle, the idea that taking just a small portion of all the security actions you could possibly take yields a very large percentage of the benefit of taking all those possible actions.
Top 5 CIS Controls
Control 1: Inventory of Authorized and Unauthorized Devices
Control 2: Inventory of Authorized and Unauthorized Software
Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
Control 4: Continuous Vulnerability Assessment and Remediation
Control 5: Controlled Use of Administrative Privileges
Available to CIS Security Benchmarks Members
In the “downloads” section of the Security Benchmarks Member website (registered account information required), members will find:
- CIS-CAT. CIS’s Configuration Assessment Tool (CIS-CAT) reports a target system’s conformance with the recommended settings in the Security Benchmarks. CIS-CAT is a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
- CIS Controls
- Word/Excel versions of the CIS Security Benchmarks
- Automated remediation kits for implementing and assessing Security Benchmark guidance. These kits allow you to automatically apply the recommended settings for a particular benchmark.
Available Free of Charge
- 100+ Security Benchmarks in PDF
- 28 Security Metric Definitions in PDF, which can be used to collect and analyze your organization’s security outcomes and process performance.
- CIS Controls
- 14-Day trial of CIS-CAT
- Crosswalk: a mapping of the CIS Security Benchmarks to two leading security guidelines: the CIS Controls and the Australian Signals Directorate's (ASD) Strategies to Mitigate Targeted Cyber Intrusions. This crosswalk provides a comprehensive and prioritized blueprint of CIS Security Benchmarks for organizations to leverage with the corresponding security guidelines.