Compliance

CIS Top 20 Critical Security Controls Solutions

Prioritize security controls for effectiveness against real world threats

What is CIS?

The Center for Internet Security (CIS) Top 20 Critical Security Controls is a prioritized set of best practices created to stop the most pervasive and dangerous threats seen in real-world attacks.

The Controls were developed by a community of security practitioners from government, industry and academia, and are periodically refined and re-validated against current attack data.

As you probably know, simply being compliant is not enough to mitigate likely attacks and protect your critical information. There is no silver bullet for security, but organizations can reduce their chances of compromise by moving from a compliance-driven approach to a risk-management approach focused on real-world effectiveness. Implementing the CIS Top 20 Critical Security Controls is a great way to protect your organization from some of the most common attacks.


Implementation Groups

Which Implementation Group are you in?

The Controls are grouped into three Implementation Groups (IGs) so that organizations can prioritize based on their size, resources and risk profile. IG1 is the set of basic cyber hygiene safeguards every organization should have; IG2 adds safeguards for organizations with moderate resources and more sensitive data; IG3 adds the safeguards expected of mature organizations with significant resources and exposure to sophisticated attackers. Each group builds on the one before it.

The CIS Critical Security Controls are a relatively small number of prioritized, well-vetted and supported security actions that organizations can take to assess and improve their current security state. They also change the discussion from "what should my enterprise do?" to "what should we ALL be doing?" to improve security at a broad scale.

As organizations struggle with the cost and complexity of compliance, the CIS Critical Security Controls offer a practical approach to securing your organization. By focusing on the highest-value controls first, your organization can minimize the cost and complexity of compliance.


Who needs the Critical Security Controls?

Organizations that are told they must have a security framework, but are not regulated under a specific one, and are asking:

  • Which framework should I use?
  • The NIST Cybersecurity Framework (CSF) is probably more than we need

Organizations getting ready for GDPR.

Organizations that want to raise the bar by testing the technical security controls they already have in place.

Why Use a Trusted Provider?

Redhawk Approach

Step 1

The first step is to determine the best Implementation Group for your assessment: IG1, IG2 or IG3.

Redhawk's goal is to right-size the assessment for your current maturity level and the needs of your organization.


Step 2

Redhawk's CIS Top 20 Assessment is thorough and consultative. Our job is to educate you as we complete the assessment.


Step 3

Redhawk's reports provide practical and realistic recommendations that are prioritized to reduce your greatest risks first.

The Redhawk Benefit

The CIS Top 20 Controls Assessment provides:

Assessment

Redhawk performs an in-depth and thorough assessment of your technical cybersecurity program.

Recommendations

A prioritized list of practical recommendations to help you reduce your greatest risks first.

Roadmap

A roadmap for your cybersecurity program. This detailed roadmap serves as the working document for tracking every remediation effort identified in the assessment.

Re-Assessment

Our goal is to help your cybersecurity program evolve year after year. Redhawk delivers a consultative assessment, not an audit.

CIS Top 20 Critical Security Controls

  1. Inventory and Control of Hardware Assets

  2. Inventory and Control of Software Assets

  3. Continuous Vulnerability Management

  4. Controlled Use of Administrative Privileges

  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

  6. Maintenance, Monitoring and Analysis of Audit Logs

  7. Email and Web Browser Protections

  8. Malware Defenses

  9. Limitation and Control of Network Ports, Protocols, and Services

  10. Data Recovery Capabilities

  11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

  12. Boundary Defenses

  13. Data Protection

  14. Controlled Access Based on the Need to Know

  15. Wireless Access Control

  16. Account Monitoring and Control

  17. Implement a Security Awareness and Training Program

  18. Application Software Security

  19. Incident Response and Management

  20. Penetration Tests and Red Team Exercises