Quality, Expert-Derived Cybersecurity Documentation To Keep Organizations Secure, Compliant & Resilient - No AI Slop!
Secure Controls Framework
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cart
Start Here
Products
Bundles
Updates
Reasons To Buy
Certification Options
Home
FAQ
What is CIS in cybersecurity?

What is CIS in cybersecurity?

Direct Answer

CIS generally refers to the Center for Internet Security, renowned for its Critical Security Controls (CSC) and CIS Benchmarks:

  • CIS Controls: A prioritized list (IG1-IG3) of 18 technical defense mechanisms (e.g., inventory management, secure configurations, data protection). These are mapped across frameworks like NIST CSF and NIST SP 800 53.
  • CIS Benchmarks: Consensus-based hardening guidelines for operating systems, applications, network devices and cloud workloads.

The current version of CIS CSC contains eighteen (18) primary controls that originated from the “SANS Top 20” that focused on controls to address the top twenty (20) critical security vulnerabilities that organizations face. The SANS Top 20 was transferred to CIS in 2015 and rebranded as the CSC.

Keep Exploring

Relevant ComplianceForge Resources

References

Authoritative Sources