Center for Internet Security (CIS)

CSI makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, ondemand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.

To learn more, visit or follow along on Twitter: @CISecurity.

CIS Benchmarks™

CIS Benchmarks are consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. There are 100+ CIS Benchmarks covering more than 14 technology groups.

Available as a no-cost download for non-commercial use, the CIS Benchmarks help organizations secure endpoints from configuration vulnerabilities. The CIS Benchmarks are recognized as secure configuration best practices that can help organizations meet compliance for PCI DSS, HIPAA, FedRAMP, and others.

Unlike other security recommendations, the CIS Benchmarks are not derived from a single vendor or security manufacturer’s perspective. They’re created through a unique consensus-development process. Subject matter experts, security professionals, and technologists from around the world contribute to the development of a single CIS Benchmark.

The CIS Benchmarks are built by the consensus communities on a platform called CIS WorkBench. In addition to being a hub where thousands gather to discuss configuration best practices, CIS WorkBench provides special features for creating custom configuration policies. It’s also a central repository for accessing CIS Benchmark files and content.

benchmarksCIS Benchmarks Quick Facts

  • Not derived from a single vendor or security manufacturer's perspective
  • Built by consensus communities on CIS WorkBench
  • Provides special features for creating custom configuration policies
  • Central repository for accessing CIS Benchmark files and content

CIS Controls®

The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices and defensive actions that can help support compliance in a multi-framework era. They are leveraged by organizations around the world to provide specific guidance and a clear pathway to achieve the goals and objectives described by multiple legal, regulatory, and policy frameworks. The CIS Controls are prioritized in Implementation Groups (IGs). Separating the CIS Controls IGs make their application across multiple frameworks easier. Implementing all of the CIS Controls is the definition of an effective cybersecurity program. Effectively implementing IG 1 represents basic cyber hygiene for any organization.

controlsCIS Controls Quick Facts

  • Helps support cybersecurity compliance in a multi-framework era
  • Provides specific guidance and a clear pathway to achieve goals and objectives
  • Prioritized in Implementation Groups (IGs)


CIS-CAT® Pro is a configuration assessment tool and dashboard used by organizations around the world to improve their security posture. CIS-CAT Pro Assessor quickly compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100. Using the CIS Controls Assessment Module, it also scans endpoints against the CIS Controls Implementation Group 1. An integrated component to CIS-CAT Pro Assessor is CIS-CAT Pro Dashboard, which allows users to view system compliance to the CIS Benchmarks over a period of time with dynamic reporting features.

CISCATproCIS-CAT Pro Quick Facts

  • Conformance is reported on a scale of 0-100
  • Scans endpoints against the CIS controls Implementation Group 1 using a CIS Controls Assessment Module
  • Users can view system compliance to CIS Benchmarks with the integrated component, CIS-CAT Pro Dashboard

Contact CTI to Improve Your Business with the Center for Internet Security