Step 1. Choose your CIS Controls™ Assessment

The CIS Controls® are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are developed by a community of IT experts in various fields. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results.

CIS Controls version 7.1 are a prioritized set of 20 controls (sometimes called the SANS Top 20) with 6 basic key controls (previously 5) to protect the organization and data from known cyber attack vectors. The Implementation Groups (IGs) are self-assessed categories for organizations based on relevant cybersecurity attributes. Each IG identifies which CIS Controls are reasonable for an organization with a similar risk profile and resources to implement. 

CIS Top 20 – IG1 Controls

CIS Controls v7.1 for SMEs with limited sensitive data.

CIS Top 20 – IG2 Controls

CIS Controls v7.1 for mid-size enterprises or with sensitive data.

CIS Top 20 – IG3 Controls

CIS Controls v7.1 for large Enterprise with sensitive data.

CIS Top 6 – IG1 Controls

CIS Controls v7.1 – 6 basic key controls for SMEs with limited sensitive data.

CIS Top 6 – IG2 Controls

CIS Controls v7.1 – 6 basic key controls for mid-size enterprises or with sensitive data.

CIS Top 6 – IG3 Controls

CIS Controls v7.1 – 6 basic key controls for large Enterprise with sensitive data.

Step 2. Edit / Answer / Share the Assessment


Disclaimer: the assessments are provided by Vendict “as is” for information purposes only. Any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the inserted assessment contained herein. Any reliance you place on such information is therefore strictly at your own risk.