New Free Self-Assessment for CIS Controls

The Center for Internet Security (CIS), which operates the Multi-State Information Sharing and Analysis Center (MS-ISAC), has launched a free assessment tool to enable security practitioners to track and prioritize their implementation of the CIS Controls. Results from the CIS Controls Self-Assessment Tool (CIS CSAT) can be exported per department or organizational unit, or enterprises can take a more holistic view of the entire organization’s security. With cross-mappings to additional security frameworks, users can also track alignment between other best practices and the CIS Controls. In addition, CIS CSAT can anonymously compare results to the averages of an industry or other peer groups to help drive the direction of a security program. Initially released over ten years ago, the CIS Controls consist of cybersecurity guidance developed by the IT community. They are intended to help organizations protect themselves and their data from known cyber attack vectors and, according to MS-ISAC, can help defeat over 85% of common attacks. Read the press release and access the self-assessment at CIS.