
CIS Security


Comprehensive CIS Support

The CSC-20 Controls

Cavirin and CIS

Cavirin has taken the lead in mapping the CSC-20 into a set of technical controls covering PCI, NIST, ISO, HIPAA, and others. This includes Docker, Kubernetes, Android, and the new CIS Microsoft Azure Foundations Benchmark. CIS is really the foundation on which other technical control families are developed, and is the gold standard for the following reasons:

  • Updated by cyber experts based on actual attack data pulled from a variety of public and private threat sources.
  • CIS Controls are likely to prevent the majority of cyber-attacks.
  • Concise, prioritized set of cyber practices created to stop today's most pervasive and dangerous cyber-attacks.
  • These provide metrics for IT personnel to understand, continuously diagnose and mitigate risks, and automate defenses to ensure compliance with the controls.

CIS-20 Security Controls and NIST

The CIS CSC is referenced by the U.S. Federal Government in the NIST Cybersecurity Framework and other guidelines, and validated by the Australian government. It is also recommended by the U.S. National Governor’s Association, the UK’s Centre for the Protection of National Infrastructure (CPNI), Symantec, Zurich Insurance, and others.

One way of connecting the CSC-20 to actual technical controls is via the NIST CSF. Each of the 20 controls relates to one of the five CSF core functions: Identify, Protect, Detect, Respond, and Recover. As an example, CSC-4, Continuous Vulnerability Assessment and Remediation, maps to NIST Identify Risk Assessment, or ID.RA. The flow depicts this mapping in greater detail, from the core function through the specific policy.

More information available on the NIST Solution page.

Detailed mapping with the Identify function as an example

CIS Controls Leadership Poster

The CIS Controls V7 Leadership Poster prioritizes the set of actions required to protect your organization and data from known cyber attack vectors. CIS Controls are broken down into three categories: Basic, Foundational, and Organizational.  The bottom of the poster lays out the five keys for building a cybersecurity program (all of which Cavirin can help you address and automate):
  • Find Frameworks that Fit
  • Map Controls to the Framework
  • Manage and Assess Risk
  • Measure Maturity and Progress
  • Monitor and Measure Security





The Enterprise Journey to the Hybrid Cloud

Demand for the Hybrid Cloud is growing at an ever-increasing rate. Gartner predicts the Hybrid Cloud will become the most common form of cloud consumption by 2020, as the final barriers give way to the new normal in enterprise information technology (IT). This eBook walks you through the steps required to build a world-class Hybrid Cloud infrastructure, from setting goals and developing consensus to building and deploying secure hybrid workloads.



© 2019 Cavirin Systems, Inc. All rights reserved.