CIS Controls™ Gap Analysis

Assess Your Security Against the CIS Controls Standard

Why it’s Important to Know Where You Stand

The CIS Controls™ security standard is the foundation of modern cybersecurity and a great place for any organization to start a systematic approach to security.

The CIS Top-20 controls are created by consensus of security professionals and practitioners all over the world, endorsed by leading IT security vendors, governing bodies, and more.

By comparing your security program against a standard such as CIS controls, you get a level of assurance for yourself, organizational leadership, customers, partners, and others that your program is mature and is based on industry best practices, not vendor sales pitches.

Regardless of your motivation, once your organization has decided to implement the CIS Controls™ security standard, a gap analysis is the best way to move forward. This expert assessment of your current system can help you to understand how and where your organization fails to meet or exceed any one of the nearly 200 sub-controls comprising this security standard.

Armed with that insight, you can formulate a targeted plan to achieve compliance using the recommendations of trusted, senior security specialists.

Our Experience is Your Advantage

The Truvantis® team has been working with CIS Controls since its inception. Our team of senior security practitioners has a masterful understanding of the standard. For you, that means we can interpret and explain the standard and the concepts behind it in a way that makes sense in the context of your system and goals - and for your business.

It can be difficult for an organization to understand whether its current behavior meets the CIS guidance and, if not, what the best solution is. This is often because of confirmation bias: having the people who built the existing security program assess its strengths and weaknesses lacks the objectivity that comes from an independent evaluation.

That’s why we recommend an independent gap analysis performed by experts. This approach identifies specific ways of implementing these controls that not only meet the intent of the standard but also achieve real security outcomes, within your budget and without being a blocker to business operations.

Our Approach to a CIS Controls Gap Analysis

Once you’ve decided to pursue the CIS Controls as your target for security compliance and risk management, we’ll help you to understand the gaps in your current system. Then, we can work with you to bring your program into compliance with as little disruption to your operations as possible. 

Our Process

First, we’ll begin with a kick-off call with your team to determine the scope of the gap analysis, identify staff, and align expectations. This will include selecting the parts of the standard that apply to you based on both the implementation groups (IGs) and cloud model mapping. Then, we’ll proceed with a request for key information and interviews with your relevant staff. Once everything we need is examined and clarified, we’ll meet with you to review a comprehensive report of our findings. These will include detailed recommendations for bridging the gap between your current security and the CIS Controls standards.

Once our analysis is complete, we will work to formulate a feasible plan of action to move forward. Our security products and services can all be customized to help you achieve the CIS Controls standard in the specific way that’s right for your business goals.  

These may include:

  • Penetration Testing
  • Vulnerability Assessments
  • Code Review
  • Training
  • Risk Assessments
  • Incident Response Planning
  • Policy and Procedure Writing
  • Architectural Consulting
  • And more

Trust Truvantis to design your security maturity roadmap

As proud members of CIS, with a deep understanding of each control’s objective, Truvantis can help you to create a robust security foundation that not only complies with the CIS Controls standard but is also the best choice for your organization. The CIS Controls standard is a great way to start providing foundational security assurance — and a gap analysis is the best way to begin that journey.