Last Day to Save $200 on SANS 2016

CIS Critical Security Controls: Solution Directory

CIS Critical Security Controls: Solution Directory

Welcome to the Critical Security Controls Solutions Directory. This resource assists you in finding security products that implement the Critical Security Controls. The Solutions Directory lists products under each Critical Security Control category. By clicking on the link for a particular Critical Control link, you will find two levels of information about products that are associated with that Control:

  1. Products shown with this logo have worked with SANS to produce What Works reports, where SANS has interviewed a user of the product and gets first-hand information on the effectiveness of the product and the lessons learned in deploying and using the product to efficiently and effectively implement one or more of the Critical Security Controls.
  2. Following those products which have been validated through a What Works effort, as a service to the security community SANS has included links from vendors who have mapped their products to the Critical Security Controls. SANS has not verified the use or effectiveness of these products.

Visit the Solutions Directory frequently for updated listings and future information on integrated sets of products that implement multiple Critical Security Controls.

CIS Critical Security Controls - Version 6.0

To learn more about the CIS Critical Security Controls and download a free detailed version please visit:

CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises