Products & Solutions
The Security Configuration Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. The CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
The Benchmarks are:
- Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
- Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
- Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.
Available to CIS Security Benchmarks Members
In the Downloads section of the CIS Security Benchmarks Member Web site (registered account information required), members will find:
- CIS-CAT, which tests target systems for conformance with Benchmarks encoded in XCCDF. CIS-CAT provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
- Word/Excel Versions of the CIS Benchmarks
- Automated remediation kits for implementing and assessing Benchmark guidance. The content allows you to automatically apply the recommended settings for a particular benchmark.
Available Free of Charge
On this web site, you'll find:
- Information about the Benchmarks, Metrics, and Assessment Tools
- 111 Benchmark documents in PDF
- Download Form
- Browse Downloads
- 28 Security Metric Definitions in PDF, which can be used across organizations to collect and analyze data on security outcomes and process performance.
- CIS Controls are especially relevant because they are based on actual attack data pulled from a variety of public and private threat sources.
- Crosswalk - CIS maps its Benchmarks to two leading security guidelines: the Critical Security Controls for Effective Cyber Defense and the Australian Signals Directorate's (ASD) Strategies to Mitigate Targeted Cyber Intrusions. The CIS mapping provides a "crosswalk" - a comprehensive and prioritized blueprint of CIS Benchmarks for organizations to leverage to help accomplish the corresponding security guidelines' recommendations.
CIS-CAT provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
CIS-CAT is an SCAP-validated FDCC Scanner.
CIS-CAT is available to CIS Security Benchmarks members. To learn more about becoming a member and gaining access to members-only resources, visit our Membership page.
To view the complete repository of available resources, please visit our Security Resources page.
CIS Remediation Kits complement the CIS Secure Configuration Benchmarks and CIS's Configuration Assessment Tool (CIS-CAT) by reducing the level of effort to establish the secure configuration states prescribed and assessed by those resources. The Remediation Kits also provide CIS members with the ability to quickly configure their systems in conformance with CIS benchmarks.
The Payment Card Industry Data Security Standard (PCI DSS) comprises 12 Requirements to guide organizations processing cardholder data when securing their systems.
The Council's Technology practice area is built upon the Critical Security Controls (the Controls), a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The Controls have been developed and maintained by an international, grass-roots consortium which includes a broad range of companies, government agencies, institutions, and individuals from every part of the ecosystem (threat responders and analysts, security technologists, vulnerability-finders, tool builders, solution providers, front-line defenders, users, consultants, policy-makers, executives, academia, auditors, etc.) who have banded together to create, adopt and support the Controls.
Mapping the Council on Cybersecurity's Critical Security Controls for Effective Cyber Defense and the Australian Signals Directorate's Strategies to Mitigate Targeted Cyber Intrusions to CIS Benchmarks