CIS Controls Assessment
Self-assess your IG1 implementation. Map your results to ISO 27001, NIST CSF, and PCI DSS automatically.
CIS Controls is the foundation. We map your results to the frameworks your clients and auditors actually ask for.
Pricing
Simple, transparent pricing
Self-assessment
Full CIS Controls v8.1 IG1 assessment with instant score across all 18 control families.
- 18 control families
- IG1 & IG2 scoring
- Gap analysis
- No account required
IG1 policy bundle
Pre-written policy templates aligned to CIS Controls IG1, ready to customise and implement.
- Policy templates for all IG1 controls
- Word format, fully editable
- Aligned to CIS v8.1
- Immediate download
Framework mapping report
Your CIS Controls results mapped to ISO 27001, NIST CSF, and PCI DSS — in one downloadable report.
- ISO 27001 annex mapping
- NIST CSF crosswalk
- PCI DSS control alignment
- PDF + Word download
Ready to assess your CIS Controls maturity?
Free assessment. No account required.
Frequently asked questions
What are the CIS Controls?
The CIS Controls are a prioritised set of actions that organisations can take to defend against cyber threats. Version 8.1 organises controls into three Implementation Groups (IG1, IG2, IG3). IG1 is the recommended starting point for most SMBs and covers the most impactful basic controls.
Is the CIS Controls assessment free?
Yes. The full CIS Controls v8.1 IG1 assessment is completely free with no account required. The paid options are the IG1 policy bundle ($99) and the framework mapping report ($149) that maps your results to ISO 27001, NIST CSF, and PCI DSS.
What is IG1 and do I need to do more?
IG1 (Implementation Group 1) is the essential cyber hygiene baseline — 56 safeguards across 15 controls. It is appropriate for most SMBs. IG2 and IG3 add more advanced controls for organisations with sensitive data or complex infrastructure.
How do CIS Controls relate to ISO 27001?
The CIS Controls map closely to ISO 27001 Annex A controls. Our framework mapping report shows which CIS safeguards correspond to ISO 27001 controls, NIST CSF functions, and PCI DSS requirements — useful for organisations pursuing multiple certifications.
What do I get with the paid policy bundle?
The $99 IG1 policy bundle includes pre-written policy templates for all IG1 controls in Word format, fully editable and ready to customise for your organisation. Aligned to CIS v8.1 guidance and designed for immediate use.