CIS is a nonprofit organization established in October 2000. A global IT community drives CIS with the common goal of identifying, developing, validating, promoting and sustaining best practice solutions for cyber defense. CIS is most commonly known for its release of CIS Controls, a comprehensive guide of 20+ safeguards and countermeasures for effective cyber defense. CIS Controls provide a prioritized checklist that organizations can implement to reduce their cyber-attack surface significantly. CIS Benchmarks reference these controls when building recommendations for better-secured system configurations.
CIS benchmarks are internationally recognized as security standards for defending IT systems and data against cyberattacks. Used by thousands of businesses, they offer prescriptive guidance for establishing a secure baseline configuration. CIS benchmarks were created using a consensus review process based on input from subject matter experts with diverse backgrounds spanning software development, audit and compliance, security research, operations, government, and law.
CIS Benchmarks align closely with–or 'map to'—security and data privacy regulatory frameworks that Digital Edge has been successfully assisting clients implementing, including the NIST (National Institute of Standards and Technology) Cybersecurity Framework, the PCI DSS (Payment Card Industry Data Security Standard) (PCI DSS), HIPAA (Health Insurance Portability and Accountability Act), and ISO/EIC 2700. As a result, any organization operating in an industry governed by these types of regulations can make significant progress toward compliance by adhering to CIS Benchmarks. Besides, CIS Controls and CIS Hardened Images can help support an organization's compliance with GDPR (the EU's General Data Protection Regulation).
As a Consulting/Hosting member of the CIS, Digital Edge will be extending their cybersecurity offering to help clients with traditional and cloud infrastructures to assess their security posture, monitor conformance over time, and develop customized configuration policies and reports.