Track and prioritize your implementation of the CIS Controls
The CIS Critical Security Controls® (CIS Controls®) are a prioritized set of consensus-developed security best practices used by enterprises around the world to defend against cyber threats.
The CIS Controls Self Assessment Tool (CIS CSAT) helps enterprises assess, track, and prioritize their implementation of CIS Controls v7.1 and v8.
This powerful tool can help organizations improve their cyber defense program regardless of size or resources. CIS CSAT can help enterprises identify where CIS Controls Safeguards are already well-implemented and where there are weak points that could be improved. This can be useful information as enterprises decide where to devote their limited cybersecurity resources.
Download the CIS Controls
With CIS CSAT you can…
Automate CIS Controls assessments
Stop tracking your implementation of the CIS Controls using spreadsheets. Save yourself time and effort by automating the CIS Controls assessment process.
Collaborate across teams and assign user roles
Enable everyone to play their part in supporting your enterprise's implementation of the CIS Controls.
Monitor alignment to other security frameworks
View your alignment with security frameworks including NIST CSF, PCI DSS, and NIST SP 800-53 using CIS Controls mappings.
Upload documentation as supporting evidence
Assess your implementation efforts at the CIS Safeguard level, choose which Safeguards to include in your assessments, and use these assessments to enable auditing and evidence collection.
Start tracking your implementation of the CIS Controls today!
Get access to CIS CSAT Pro through CIS SecureSuite Membership to start tracking your implementation.
Apply For Membership
CIS CSAT Overview
With CIS CSAT you can…
Automate CIS Controls assessments
Stop tracking your implementation of the CIS Controls using spreadsheets. Save yourself time and effort by automating the CIS Controls assessment process.
Collaborate across teams and assign user roles
Enable everyone to play their part in supporting your enterprise's implementation of the CIS Controls.
Monitor alignment to other security frameworks
View your alignment with security frameworks including NIST CSF, PCI DSS, and NIST SP 800-53 using CIS Controls mappings.
Upload documentation as supporting evidence
Assess your implementation efforts at the CIS Safeguard level, choose which Safeguards to include in your assessments, and use these assessments to enable auditing and evidence collection.
Start tracking your implementation of the CIS Controls today!
Get access to CIS CSAT Pro through CIS SecureSuite Membership to start tracking your implementation.
Apply For Membership
Features
There are two versions of CIS CSAT: Pro and Hosted. We have also released a CIS CSAT Ransomware Business Impact Analysis tool.
Download Features List
CIS CSAT Pro
CIS CSAT Pro is the on-premises version of the tool and is available exclusively to CIS SecureSuite Members. It offers a wide range of features and benefits:
- Greater control over your data – Decide whether to keep your data in-house, or opt in to anonymously share and see how your scores compare to the industry average.
- Greater flexibility with organization trees for managing organizations, sub-organizations, and assessments.
- Greater control over user roles – Assign users to different roles for different organizations/sub-organizations, as well as separate administrative and non-administrative roles.
- Track multiple concurrent assessments in the same organization.
- Easily access your tasks, assessments, and organizations from a consolidated home page.
- Save time by using a simplified scoring method with a reduced number of questions.
CIS-Hosted CSAT
CIS-hosted CSAT is a web-based portal version of CSAT hosted by CIS. It is free to every organization for use in a non-commercial capacity to conduct an assessment of their organization's own implementation of the CIS Controls.
Register Now
Start tracking your implementation of the CIS Controls today!
Get access to CIS CSAT Pro through CIS SecureSuite Membership to start tracking your implementation.
Apply For Membership
Now Available!
CIS CSAT Ransomware Business Impact Analysis Tool
Organizations can evaluate their likelihood of experiencing a ransomware attack and its potential impacts by using the CIS CSAT Ransomware Business Impact Analysis (BIA) tool. This utility has been created by CIS in partnership with Foresight Resilience Strategies (4RS). The BIA tool applies scores for ransomware-related Safeguards to estimate an enterprise’s likelihood of being affected by a ransomware attack; those who have already started an assessment using CIS-Hosted CSAT can import the scores from that assessment. Get started assessing your ransomware risks today!
Support Articles
Here are some "How-To" articles and other resources to help you maximize your use of CIS CSAT.
Blogs
Learn more about CIS CSAT and the CIS Critical Security Controls.
View all blog posts
FAQs
We've answered some common questions about CIS CSAT Pro and CIS-hosted CSAT.
Read On
