SEC566: Implementing and Auditing CIS Controls

SEC566: Cybersecurity Leadership
  • 5 Days (Instructor-Led)
  • 30 Hours (Self-Paced)
Course authored by:
Brian Ventura
  • GIAC Critical Controls Certification (GCCC)
  • 30 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 26 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Transform the CIS Controls into a defensible roadmap that strengthens security, ensures compliance, and prepares your organization for the future.

Course Overview

Learn to put the CIS Critical Security Controls v8.1 into action across IT, cloud, third-party, and emerging environments. This hands-on course shows you how to stop attacks mapped in the MITRE ATT&CK framework, strengthen programs through automation, and align security with compliance frameworks. Through practical labs and Cyber42 leadership simulations, you’ll gain the skills to build resilient, defensible cybersecurity programs that stand up to both threats and scrutiny.

What You'll Learn

  • Design and implement CIS Controls across IT, cloud, hybrid, and AI environments
  • Build metrics and risk scores to measure effectiveness and communicate residual risk
  • Streamline configuration, coverage, and compliance with automation and orchestration
  • Apply strong identity and access controls to secure users, services, and AI workflows
  • Enforce endpoint, network, and cloud defenses and extend to AI pipelines and training data
  • Establish a culture of continuous improvement through vulnerability management, secure configurations, and forward-looking defense

Business Takeaways

  • Reduce attack surface with a prioritized set of CIS Controls
  • Maximize ROI by focusing on safeguards with the highest risk reduction
  • Create a consistent, measurable security posture across systems, partners, and AI workflows
  • Demonstrate regulatory compliance and industry standard alignment through CIS mappings and measurable reporting
  • Strengthen detection and response against real-world and AI-enabled threats
  • Show measurable improvements with metrics, scoring, and automation
  • Build a sustainable, business-aligned program that earns executive support

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC566: Implementing and Auditing CIS Controls.

Section 1: Introduction and Overview of the CIS Critical Controls

Learn the foundations of the CIS Controls framework, its evolution, and implementation strategies. Focus on enterprise asset inventory as the cornerstone of security, exploring tools and techniques to maintain accurate device tracking across complex networks.

Topics covered

  • CIS Critical Controls
  • Resources and tools of the CIS Controls
  • MITRE ATT&CK for common threats
  • Control assessments practice
  • CIS Control #1

Labs

  • Use the CIS Self-Assessment Tool (CSAT) for control assessment
  • Bonus Lab: Use Excel-based tools for control assessment
  • Inventory assets, software and user accounts with MS PowerShell

Section 2: Data Protection, Identity and Authentication

Become proficient in the defensive domains of software control, data protection, and identity management. Learn implementation techniques for secure configurations, privileged access controls, and effective account management systems.

Topics covered

  • Software asset management
  • Data protection strategies
  • Identity and access management (IAM) best practices
  • Secure access control implementation

Labs

  • Enforce application control with AppLocker
  • Bonus Lab: Use an inventory scanning tool
  • Encrypt data at rest with VeraCrypt
  • Simulate privilege abuse with Mimikatz
  • Scenario-based leadership simulation game

Section 3: Server, Workstation, Network Protections

Discover the inner workings of vulnerability management, secure configurations, and audit logging implementation. Gain proficiency in techniques to protect email and web browsing while maintaining comprehensive security baselines.

Topics covered

  • CIS Controls 4, 7, 8, and 9
  • Secure configuration frameworks
  • Vulnerability management systems
  • Audit logging implementation
  • Email protections

Labs

  • Use the CIS-CAT tool to audit configurations
  • Bonus Lab: Perform additional scans with CIS-CAT
  • Bonus Lab: Parse Nmap output with PowerShell for automated analysis and reporting
  • Explore Security Information and Event Management (SIEM) solutions using ELK
  • Execute a vulnerability scan of AI models using Garak

Section 4: Network Infrastructure and Defense

Delve into advanced system protections: malware defenses, data recovery, and network infrastructure security. Learn to monitor network traffic and detect malicious activities using practical tools.

Topics covered

  • Malware defense implementation and automation
  • Applying CIS Controls to AI Workflows
  • Data recovery strategies and testing
  • Network infrastructure hardening and management
  • Network monitoring and intrusion detection

Labs

  • Build secure configurations for AI workflows using Amazon Bedrock Guardrails
  • Use CIS Navigator to map controls across frameworks and compliance standards
  • Use CIS Navigator mapping and model control mappings in a sample GRC system
  • Audit network devices with Nipper for misconfiguration and rule-set consistency
  • Scenario-based leadership simulation game

Section 5: Governance and Operational Security

Develop skills in governance domains including security awareness, service provider management, and incident response. Discover techniques for app security, effective security management, and penetration testing.

Topics covered

  • Security awareness training
  • Service provider management
  • Application security implementation
  • Incident response frameworks
  • Penetration testing

Labs

  • Build robust tabletop exercises
  • Use CIS-RAM for risk assessment
  • Assess an organization, then prioritize and report on residual risk
  • Develop security program metrics
  • Scenario-based leadership simulation game

Things You Need To Know

Relevant Job Roles

  • Operational Leader (Cybersecurity Leadership): Operate from the point of view of an adversary in order to protect your most sensitive assets.
  • Cybersecurity Research & Development (SCyWF: Cybersecurity Architecture, Research And Development): This role conducts cybersecurity research and development. Find the SANS courses that map to the Cybersecurity Research & Development SCyWF Work Role.
  • Cyber Legal, Policy & Compliance Officer (European Cybersecurity Skills Framework): Manages compliance with cybersecurity-related standards, legal and regulatory frameworks based on the organisation’s strategy and legal requirements.
  • Technology Research and Development (OPM 661) (NICE: Design and Development): Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
  • Security Manager (Cybersecurity Leadership): Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
  • Defensive Cybersecurity (OPM 511) (NICE: Protection and Defense): Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
  • Cybersecurity Researcher (European Cybersecurity Skills Framework): Research the cybersecurity domain and incorporate results in cybersecurity solutions.
  • Laws and Data Protection (SCyWF: Governance, Risk, Compliance And Laws): This role ensures the organization complies with cybersecurity and data protection laws and regulations. Find the SANS courses that map to the Laws and Data Protection SCyWF Work Role.

Course Schedule & Pricing

Scheduled events (10 of 16 shown). All prices exclude applicable local taxes.

  • Virtual (OnDemand), self-paced with 4 months access: $7,650 USD
  • Riyadh, SA & Virtual (live): $7,765 USD
  • Virtual (live): €7,190 EUR
  • Dubai, AE & Virtual (live): $7,765 USD
  • Washington, DC, US & Virtual (live): $7,650 USD
  • Nashville, TN, US & Virtual (live): $7,650 USD
  • Arlington, VA, US & Virtual (live): $7,650 USD
  • Amsterdam, NL & Virtual (live): €7,190 EUR
  • Dubai, AE & Virtual (live): $7,765 USD
  • Riyadh, SA & Virtual (live): $7,765 USD

Benefits of Learning with SANS

  • Get feedback from the world’s best cybersecurity experts and instructors
  • Choose how you want to learn: online, on demand, or at our live in-person training events
  • Get access to our range of industry-leading courses and resources