The Center for Internet Security CIS) is a nonprofit organization that leverages the power of its global membership to promulgate and share IT security guidelines. Adoption of their guidelines — the CIS Controls — aims to protect private and public enterprises from data breaches arising from known vulnerabilities.
The center’s 20 CIS Controls are segmented into Basic, Foundational, and Organizational segments. They provide a framework for an enterprise to protect its digital and physical assets, covering areas such as threat monitoring, detection, prevention, response, mitigation, and recovery.
The CIS, which promulgated its controls, is also home to a number of information sharing and analysis centers. Its ISACs are comprised of and serve states, localities, territories, tribes, and voting authorities.
"As a midsize business we're growing our infrastructure and IT teams. The baseline security requirements we'll be adhering to are the CISC, so the new team has a mandate to make as many of those changes for which we've budgeted."