CIS ASSESSMENT

Center for Internet Security

The Center for Internet Security (CIS) is a not-for-profit organization “dedicated to enhancing the cybersecurity readiness and response among public and private sector entities.” CIS partners with industry and government to fight evolving cybersecurity challenges, and helps organizations (public and private) adopt key best practices to achieve immediate and effective defenses against cyber attacks.

Security Benchmarks and Critical Security Controls

The CIS Security Benchmarks program delivers a set of well-defined and consensus-based industry best practices to help organizations assess and improve their security. The CIS Critical Security Controls for Effective Cyber Defense (“the Controls”), formerly known as the SANS Top 20, are a recommended set of 20 security measures that are considered the “priority actions” that may be considered the starting point for an organization’s security program. The goal of complying with CIS standards can be arduous, but like most processes, becomes more straightforward with a clear and proven approach.  Complying with CIS Benchmarks and CIS Security Controls are really two different processes, with overlapping goals and some efforts in common. 

Achieving Compliance

It behooves all organizations, both public and private, to consider the CIS Critical Security Controls as part of an overall cyberdefense program. Auditors understandably prefer assessment results produced by someone other than the system owners and implementers. Let Aerstone help your organization achieve compliance one of our CIS assessments.