CIS: Center for Internet Security

The Center for Internet Security (CIS) is an organization dedicated to enhancing cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls.

The CIS mission is to:
  • Identify, develop, validate, promote, and sustain best practices in cybersecurity;
  • Deliver world-class security solutions to prevent and rapidly respond to cyber incidents; and
  • Build and lead communities to enable an environment of trust in cyberspace.

CIS lives by its published values:

  • Operate with Integrity
  • Commit to Excellence
  • Embody Collaboration
  • Focus on our Partners
  • Support our Employees
  • Promote Teamwork
  • Remain Agile

We will take a deep dive into two CIS resources:

  • Secure Configuration Guides (aka “Benchmarks”)
  • “Top 20” Critical Security Controls (CSC)

Benchmarks vs. Critical Security Controls:
  • Benchmarks are technology-specific checklists that provide prescriptive guidance for secure configuration
  • CSCs are security-program-level activities:
    • Inventory your items
    • Securely configure them
    • Patch them
    • Reduce privileges
    • Train the humans
    • Monitor the access

CIS Benchmarks:
  • 140 benchmarks available here
  • AWS CIS Foundations Benchmark here