Products & Solutions

The Security Configuration Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. The CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

The Benchmarks are:

  • Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
  • Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
  • Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.

Available to CIS Security Benchmarks Members
In the Downloads section of the CIS Security Benchmarks Member Web site (registered account information required), members will find:

  • CIS-CAT, which tests a target systems for conformance with Benchmarks encoded in XCCDF.  CIS-CAT provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
  • Word/Excel Versions of the CIS Benchmarks
  • Automated remediation kits for implementing and assessing Benchmark guidance. The content allows you to automatically apply the recommended settings for a particular benchmark.

Learn about CIS Security Benchmarks Membership

Available Free of Charge
On this web site, you'll find:

    • Download Form
    • Browse Downloads
Description: http://benchmarks.cisecurity.org/images/feed-icon-14x14.png RSS Feed for CIS Downloads

 


 

The CIS-CAT Benchmark Assessment Tool

provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.

CIS-CAT is an SCAP-validated FDCC Scanner.

CIS-CAT is available to CIS Security Benchmarks members. To learn more about becoming a member and gaining access to members-only resources, visit our Membership page.

Much More!

To view the complete repository of available resources, please visit our Security Resources page.

Remediation Kit


CIS Remediation Kits complement the CIS Secure Configuration Benchmarks and CIS's Configuration Assessment Tool (CIS-CAT) by reducing the level of effort to establish the secure configuration states prescribed and assessed by those resources. The Remediation Kits also provide CIS members with the ability to quickly configure their systems in conformance with CIS benchmarks.

Compliance for PCI, FISMA, HIPAA & More


The Payment Card Industry Data Security Standard (PCI DSS) comprises 12 Requirements to guide organizations processing cardholder data when securing their systems.

Implement The Critical Controls


The Council's Technology practice area is built upon the Critical Security Controls (the Controls), a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The Controls have been developed and maintained by an international, grass-root consortium which includes a broad range of companies, government agencies, institutions, and individuals from every part of the ecosystem (threat responders and analysts, security technologists, vulnerability-finders, tool builders, solution providers, front-line defender, users, consultants, policy-makers, executives, academia, auditors, etc/) who have banded together to create, adopt and support the Controls

Cross Walk


Mapping the Council on Cybersecurity’s Critical Security Controls for Effective Cyber Defense and the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions to CIS Benchmarks