
Center for Internet Security’s (CIS) Critical Security Controls Compliance


Center for Internet Security

The Center for Internet Security (CIS) is a not-for-profit organization “dedicated to enhancing the cybersecurity readiness and response among public and private sector entities.” CIS partners with industry and government to fight evolving cybersecurity challenges, and helps organizations (public and private) adopt key best practices to achieve immediate and effective defenses against cyber attacks.

Security Benchmarks and Critical Security Controls

The CIS Security Benchmarks program delivers a set of well-defined, consensus-based industry best practices to help organizations assess and improve their security. The CIS Critical Security Controls for Effective Cyber Defense (“the Controls”), formerly known as the SANS Top 20, are a recommended set of 20 security measures regarded as the “priority actions” that may serve as the starting point for an organization’s security program. Complying with CIS standards can be arduous but, like most processes, it becomes more straightforward with a clear and proven approach. Complying with the CIS Benchmarks and complying with the CIS Critical Security Controls are really two different processes, with overlapping goals and some efforts in common.

Achieving Compliance

It behooves all organizations, both public and private, to consider the CIS Critical Security Controls as part of an overall cyber defense program. Auditors understandably prefer assessment results produced by someone other than the system owners and implementers. Let Aerstone help your organization achieve compliance with one of our CIS assessments.

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.

We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.
