What Does CIS Mean?

The Center for Internet Security (CIS) is a non-profit focused on improving cybersecurity. It was founded in 2000 and provides numerous resources that promote security best practices and help organizations to manage their cybersecurity risk. These resources include best practice guides, preconfigured secure systems, and services to support cybersecurity programs within government agencies.

What Does CIS Do?

CIS is focused on promoting cybersecurity best practices via cybersecurity education. It develops and publishes various free resources designed to act as guides for organizations looking to enhance their security.

CIS Benchmarks

Often, the default settings and configurations for IT systems (operating systems, cloud environments, etc.) are insecure. The CIS Benchmarks provide a guide to secure these systems based on cybersecurity best practices.

CIS Benchmarks are a community effort and are developed by experts in their various fields. Each Benchmark is labeled as Basic (Level 1) or Enhanced (Level 2). A Basic Benchmark implements a generally secure, usable system, while Enhanced Benchmarks may offer greater security at the cost of some lost functionality.

CIS Hardened Images

CIS Hardened Images offer an even easier method of implementing secure systems. These are virtual machine (VM) templates that come pre-configured to comply with the relevant CIS Benchmarks.

CIS Hardened Images can be used anywhere that an organization might deploy a VM. For example, they can be used to secure Infrastructure as a Service (IaaS) deployments like Amazon AWS or be hosted within an organization’s data center.

CIS Controls

CIS Benchmarks and Hardened Images provide guidance on securing specific systems. The CIS Controls are a list of 18 security best practices designed to guide organizations in improving their security programs.

CIS Controls are prescriptive and designed to be simple to understand and implement. They also have cross-mappings to various regulations and standards, such as NIST or PCI DSS, which helps organizations to achieve and maintain compliance with applicable laws and regulations.

CIS also provides various tools and resources that enable companies to track and support their security programs. For example, it offers the CIS Risk Assessment Method (CIS RAM) and CIS-CAT Pro for configuration assessments.

Community Involvement

In addition to providing resources, CIS is also involved in the community in various ways. Community members contribute to the development of CIS resources, and CIS participates in various events to educate people regarding cybersecurity best practices.

CIS also has efforts focused on improving security for government entities. The Multi-State Information Sharing and Analysis Center (MS-ISAC) supports US government entities in their cybersecurity efforts. The Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) offers cybersecurity support to election offices at various levels (state, local, tribal, and territorial) in the US.


CIS is a non-profit headquartered in New York that is focused on improving cybersecurity through education and providing resources that promote cybersecurity best practices. CIS offerings include guides designed to help organizations design their security programs and properly configure software, preconfigured secure VMs, and programs to support cybersecurity efforts at various levels of government.

