Aerstone Releases White Paper on CIS Critical Security Control Compliance

ROCKVILLE, Maryland — May 3, 2016 — Aerstone today released a white paper urging organizations, both public and private, to consider the Center for Internet Security’s (CIS) Critical Security Controls as part of an overall cyberdefense program. The publication addresses the notion of threats and risks, provides background on the CIS Critical Security Controls and CIS Benchmarks, defines the process for compliance and assessment, and presents lessons learned from Aerstone’s experience as a CIS assessor.

Aerstone notes that CIS compliance can make organizations more secure and allow faster recovery from cyber intrusions. In addition to a recommended set of twenty security measures, the “priority actions” that may be considered the starting point for an organization’s security program, CIS also provides a set of “effectiveness tests” that offer practical compliance guidance to IT managers, cybersecurity practitioners, and assessors. Aerstone’s white paper provides the five critical tenets of effective cyberdefense:

  • Offense Informs Defense
  • Prioritization
  • Metrics
  • Continuous Monitoring
  • Automation

The white paper also offers readers some lessons learned for achieving CIS Critical Security Controls compliance and incident reporting, including (but not limited to):

  • Third-party confirmation is better than doing it yourself
  • Most real problems come from poor configuration management
  • Style is just as important to the auditors as substance

To download the publication visit

To learn more about Aerstone’s CIS assessment services, visit

About Aerstone

Quest Consultants LLC DBA Aerstone is a veteran-owned small business (VOSB) that provides subject matter expertise and software development services in the field of advanced cybersecurity. Our commercial customers include medium and large organizations in the financial services, legal, utility, and education spaces, as well as a number of non-profit organizations. The company also provides exceptional support and cleared staff to a wide variety of federal organizations in the civilian, military, and intelligence community sectors. Our products and services touch all aspects of cybersecurity, including architecture, systems design, software development, training, assessment, and forensics. For more information, visit


For customer and partnership inquiries, please contact us

For all media inquiries, please contact us via e-mail at