What is CIS in Cyber Security?

CIS generally refers to the Center for Internet Security, renowned for its Critical Security Controls (CSC) and CIS Benchmarks:

CIS Controls: A prioritized list (IG1–IG3) of 18 technical defense mechanisms (e.g., inventory management, secure configurations, data protection). These are mapped across frameworks like NIST CSF and NIST SP 800 53.
CIS Benchmarks: Consensus-based hardening guidelines for operating systems, applications, network devices and cloud workloads.

The current version of CIS CSC contains eighteen (18) primary controls that originated from the “SANS Top 20” that focused on controls to address the top twenty (20) critical security vulnerabilities that organizations face. The SANS Top 20 was transferred to CIS in 2015 and rebranded as the CSC.

Governance Risk & Compliance (GRC) Content

Secure Controls Framework (SCF)

NIST 800-171 & CMMC - Where Do I Start?

Editable Policies & Standards Templates

Editable Procedures Templates

Cybersecurity Supply Chain Risk Management

NIST 800-171 Compliance

Risk Management

Data Protection (Privacy) & Secure Engineering

Vulnerability & Patch Management

Incident Response

PCI DSS Compliance

NIST 800-171 & CMMC Compliance

Premium GRC Content (GRC Importable)

Cybersecurity Policies, Standards & Procedures

Cybersecurity Supply Chain Risk Management

Privacy & Data Protection (GDPR, CCPA & more)

Risk Management Bundles

Subscriptions

Common Compliance Requirements

Alignment With Secure Practices

Free Guides

Cost Savings

US Federal Data Security Laws & Regulations

US State Data Security Laws & Regulations

International Data Security Laws & Regulations

SCF Licensed Content Provider (LCP)

SCF Certifications

Individual Certifications

Controlled Unclassified Information (CUI)

Why Choose ComplianceForge?

Industries Served & Client References

Multiple Company Discount

Product Comparison: DSP vs CDPP

What is CIS in Cyber Security?

What is CIS in Cyber Security?