CIS Critical Security Controls: Vendor Perspective

Vendor Perspective

The CIS Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. Agreed upon by a powerful consortium which included NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities, the automation of these CIS critical security controls will radically lower the cost of security while improving its effectiveness.

SANS vendor partners are a critical part of this security conversation. The SANS community looks to vendor partners for guidance and solutions to achieve a secure corporate environment.

2016 Critical Security Controls Poster - "Continuously Monitoring and Measuring the Critical Security Controls"

Does your company have a product that monitors, measures and assesses the implementation of the Critical Security Controls?

SANS is hard at work producing this year's poster focused on "Continuously Monitoring and Measuring the Critical Security Controls." In order for us to get this poster out to the SANS community in August 2016, we are seeking vendors to complete a survey that identifies their product in alignment with the controls and highlights their solutions.

Download the Critical Security Controls Poster survey HERE to highlight your product in the upcoming edition of the controls poster

Guidelines for Participating Vendors:
  1. Download and Complete the Critical Security Controls Poster Survey
    • The vendor must document their product's ability to monitor/measure the Critical Security Controls as measured against the "A Measurement Companion to the CIS Critical Security Controls (Version 6)" which can be found at
    • A spreadsheet version can be supplied upon request
  2. Provide SANS with 2 Customer References
    • References must be actively using the vendor's product for measuring the listed controls
  3. Submit & Review
    • Upon submission of all required documents, SANS will vet the use of the product and determine the product's alignment with the controls
    • Email completed documents to
  4. Co-marketing efforts are required by the vendor in order to be listed on the Critical Security Controls poster
    • Vendors will be supplied a SANS/CIS logo for promotion on the vendor's website
    • Promotion of the poster at SANS events and on SANS & CIS websites