
Best CIS Controls Compliance Tools & Solutions

The CIS Critical Security Controls (formerly SANS Top 20) are a prioritized set of cybersecurity best practices developed by the Center for Internet Security through consensus among security practitioners. Version 8 organizes 18 controls into three Implementation Groups (IGs) based on organizational resources and risk profile, making them accessible to organizations of all sizes. The controls are prescriptive, actionable, and mapped to other frameworks including NIST CSF, ISO 27001, and PCI DSS, making them an effective starting point for building a security program.

Browse 17 verified solutions.

Tenable
Exposure management and vulnerability scanning across IT, cloud, OT, and identity infrastructure.
Cloud Native, Automation, Enterprise · Cloud Security, Compliance & GRC
4.7 ★
Huntress
Managed security platform for SMB threat detection, response, and identity protection built for MSPs.
EDR, MDR, Automation · Endpoint Security, Managed Security Services
4 ★
Pentera
Automated security validation platform that continuously tests your defenses with real attack techniques.
Red Team, Automation, Enterprise · Penetration Testing, Vulnerability Management
4 ★
Cymulate
Breach and attack simulation platform for continuous security validation and exposure management.
Red Team, Purple Team, Automation · Penetration Testing, Vulnerability Management
4 ★
Picus Security
Adversarial exposure validation combining attack simulation, automated pentesting, and risk prioritization.
Red Team, Automation, Enterprise · Penetration Testing, Vulnerability Management
4 ★
Axonius
Cybersecurity asset management platform providing unified visibility across all devices and cloud instances.
Automation, Enterprise, CAASM · Vulnerability Management
4 ★
SafeBreach
Breach and attack simulation platform for continuous security control validation.
Red Team, Purple Team, Enterprise · Penetration Testing, Vulnerability Management
4 ★
Nozomi Networks
OT and IoT cybersecurity platform for industrial networks and critical infrastructure protection.
NDR, Enterprise, OT/ICS · Network Security
4 ★
XM Cyber
Attack path management and continuous exposure management platform showing how attackers reach critical assets.
Red Team, Cloud Native, Enterprise · Penetration Testing, Vulnerability Management
4 ★
Horizon3.ai
Autonomous penetration testing platform that finds and verifies exploitable attack paths.
Red Team, AI/ML, Automation · Penetration Testing, Vulnerability Management
3.5 ★
Blumira
Cloud SIEM and XDR platform built for IT teams at small and mid-sized organizations.
XDR, SIEM, Cloud Native · SIEM & Log Management
3.5 ★
Todyl
Unified security platform combining SASE, SIEM, EDR, MXDR, and GRC for MSPs and mid-market.
EDR, SIEM, SMB · SIEM & Log Management, Network Security
3.5 ★
Phosphorus
Enterprise xIoT security platform for discovering, assessing, and remediating IoT, OT, and IoMT devices.
Enterprise, OT/ICS, xIoT · Network Security
3.5 ★
JupiterOne
Cyber asset attack surface management platform unifying security visibility across all digital assets.
Cloud Native, Free Tier, Enterprise · Vulnerability Management
3.2 ★
Norwich University NUARI
Applied cybersecurity research institute offering cyber resilience exercises, tabletop simulations, workforce training, and critical infrastructure security programs.
Red Team, Blue Team · Incident Response, Security Awareness Training
3 ★
Sevco Security
Cybersecurity asset intelligence platform providing converged visibility across IT, cloud, and OT.
Cloud Native, Enterprise, CAASM · Vulnerability Management
2.8 ★
Certify Cybersecurity
Cybersecurity assessments and managed security services focused on local government, K-12 education, and public sector entities in the Northeast.
SMB, GRC · Compliance & GRC, Managed Security Services
2.8 ★

CIS Controls & Requirements

18 controls across 13 families

Asset Management (2)
CIS-1 Inventory and Control of Enterprise Assets
CIS-2 Inventory and Control of Software Assets
Data Protection (2)
CIS-3 Data Protection
CIS-11 Data Recovery
Configuration (1)
CIS-4 Secure Configuration of Enterprise Assets and Software
Identity (2)
CIS-5 Account Management
CIS-6 Access Control Management
Vulnerability Management (1)
CIS-7 Continuous Vulnerability Management
Logging & Monitoring (1)
CIS-8 Audit Log Management
Application Security (2)
CIS-9 Email and Web Browser Protections
CIS-16 Application Software Security
Threat Protection (1)
CIS-10 Malware Defenses
Network Security (2)
CIS-12 Network Infrastructure Management
CIS-13 Network Monitoring and Defense
People (1)
CIS-14 Security Awareness and Skills Training
Third Party (1)
CIS-15 Service Provider Management
Incident Response (1)
CIS-17 Incident Response Management
Testing (1)
CIS-18 Penetration Testing