Compliance Services

CIS Top 20 Critical Controls Services

CIS Top 20 Critical Security Controls Assessment Services

The Center for Internet Security (CIS) Top 20 Critical Security Controls is a prioritized approach to protect an organization’s sensitive data from attackers. These controls provide a specific and actionable plan to stop today’s most significant threats that an organization will face. The Top 20 Critical Security Controls are effective as they are updated on a regular basis to account for the current threat landscape.

Compass IT Compliance will assess the Top 20 Critical Security Controls using the most current version. The full list of the Top 20 Critical Security Controls are as follows:

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Management
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  6. Maintenance, Monitoring, and Analysis of Audit Logs
  7. Email and Web Browser Protections
  8. Malware Defenses
  9. Limitation and Control of Network Ports, Protocols, and Services
  10. Data Recovery Capabilities
  11. Secure Configurations for Network Devices, such as Firewalls, Routers, and Switches
  12. Boundary Defense
  13. Data Protection
  14. Controlled Access Based on Need to Know
  15. Wireless Access Control
  16. Account Monitoring and Control
  17. Implement a Security Awareness and Training Program
  18. Application Software Security
  19. Incident Response and Management
  20. Penetration Test and Red Team Exercises

Compass IT Compliance Services

  • CIS Top 20 Critical Controls Risk Assessment - Assess your current level of compliance with the CIS Top 20 Critical Controls, identify gaps in controls, and identify key work areas that your organization must address to achieve and/or maintain compliance with the framework
     
  • CIS Top 20 Critical Controls Audit - Our experienced, certified IT Auditors will examine your IT controls mapped against the CIS Top 20 Critical Controls requirements, obtain evidence to determine if the controls are operating effectively to achieve your organization's objectives and satisfy framework requirements, and provide attestation of audit along with remediation strategies. A deeper dive assessment compared to the CIS Top 20 Critical Controls Risk Assessment, the CIS Top 20 Critical Controls Audit will include evidence sampling
     
  • CIS Top 20 Critical Controls Advisory Services - Work with your organization and tailor our project to your specific needs to address any concerns that you have related to the CIS Top 20 Critical Controls, assist in the implementation and updating of policies and procedures, or assist in assessing the risk your third party providers pose related to the CIS Top 20 Critical Controls

Let Compass IT Compliance assist your organization in assessing any risks present through our CIS Top 20 Critical Security Controls services so you can secure your sensitive data, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.

Security Blog Posts


Contact Us