Compliance Services

CIS Top 20 Critical Controls Services

CIS Top 20 Critical Security Controls Risk Assessment Services

The Center for Internet Security (CIS) Top 20 Critical Security Controls is a prioritized approach to protect an organization’s sensitive data from attackers. These controls provide a specific and actionable plan to stop today’s most significant threats that an organization will face. The Top 20 Critical Security Controls are effective as they are updated on a regular basis to account for the current threat landscape.

Compass will assess the Top 20 Critical Security Controls using the most current version. The full list of the Top 20 Critical Security Controls are as follows:

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Management
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  6. Maintenance, Monitoring, and Analysis of Audit Logs
  7. Email and Web Browser Protections
  8. Malware Defenses
  9. Limitation and Control of Network Ports, Protocols, and Services
  10. Data Recovery Capabilities
  11. Secure Configurations for Network Devices, such as Firewalls, Routers, and Switches
  12. Boundary Defense
  13. Data Protection
  14. Controlled Access Based on Need to Know
  15. Wireless Access Control
  16. Account Monitoring and Control
  17. Implement a Security Awareness and Training Program
  18. Application Software Security
  19. Incident Response and Management
  20. Penetration Test and Red Team Exercises


  • Detailed Technical Report - A detailed report for the CIS Top 20 Critical Security Controls Risk Assessment explaining the assessment process, findings and overview of effective IT controls, gaps and deficiencies in IT controls, associated risks, and remediation recommendations
  • Executive Summary Report - This report will provide a high-level overview of the assessment process, methodology used, and overall risk to the organization based on the results of the assessment

Let Compass IT Compliance assist your organization in assessing any risks present through our CIS Top 20 Critical Security Controls Risk Assessment so you can secure your sensitive data, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.

Security Blog Posts

Contact Us