The Center for Internet Security (CIS) Critical Security Controls is a collection of best practices that organizations should follow to defend against or mitigate known cyber threats. Originally developed by the SANS Institute and then known as the SANS Top 20, the control framework was transferred to the Center for Internet Security (CIS) in 2015. The CIS CSC are subject to change along with attack vectors and the ever-evolving threat landscape. Our CIS CSC controls review is an in-depth evaluation of the implementation of these controls through administrative, operational and technical inspection and testing methods. For each control, there are multiple checks, each of which is either Foundational or Advanced in nature. Corrective advice is offered where gaps may exist.
NIST Special Publication 800-53 Rev. 5 provides information security standards and guidelines, including baseline control requirements, for implementation of federal information systems under the Federal Information Systems Management Act of 2002 (FISMA). The controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk. Our NIST 800-53 Controls Review is an in-depth evaluation of the implementation of these controls through administrative, operational and technical inspection and testing methods. We validate the existence of controls and observe their use, offering corrective advice where gaps may exist.