A web-based reference tool and audit checklist for implementing CIS Critical Security Controls v8.1
The CIS Controls Audit Tool is an interactive web tool designed to help security professionals, auditors, and IT teams implement and audit against the CIS Critical Security Controls v8.1. This tool serves as both a reference guide and an audit management platform for anyone wanting to apply CIS Controls in their organization.
- ✅ Complete CIS Controls v8.1 Coverage - All 18 Controls and 153 Safeguards
- ✅ Interactive Audit Checklist - Track implementation progress with status indicators
- ✅ Implementation Group Guidance - Detailed information for IG1, IG2, and IG3
- ✅ Advanced Filtering - Filter by IG level, asset type, and security function
- ✅ Search Functionality - Quick search across all controls and safeguards
- ✅ Progress Tracking - Visual progress indicators and completion statistics
- ✅ Export Capabilities - Download audit reports for documentation
- ✅ CIS Benchmarks Reference - Information about 100+ technology benchmarks
- ✅ Framework Mapping - Alignment with NIST, ISO 27001, PCI-DSS
- ✅ Dark Mode - Eye-friendly interface for extended use
- ✅ Responsive Design - Works seamlessly on desktop, tablet, and mobile
- ✅ Offline Capable - Uses localStorage for data persistence
```
CIS-Audit-Tool/
├── docs/                              # GitHub Pages site (web GUI)
│   ├── index.html                     # Main dashboard page
│   ├── controls.html                  # Controls explorer page
│   ├── audit.html                     # Audit checklist page
│   ├── implementation-groups.html     # IG details page
│   ├── benchmarks.html                # CIS Benchmarks reference
│   ├── resources.html                 # Resources and guides
│   ├── css/
│   │   ├── style.css                  # Main stylesheet
│   │   └── themes.css                 # Dark/light theme styles
│   ├── js/
│   │   ├── app.js                     # Main application logic
│   │   ├── data.js                    # CIS Controls data
│   │   ├── audit.js                   # Audit functionality
│   │   └── utils.js                   # Utility functions
│   ├── assets/
│   │   ├── images/                    # Images and icons
│   │   └── fonts/                     # Custom fonts
│   └── data/
│       └── cis-controls-v8.1.json     # CIS Controls data
├── scripts/                           # Automation scripts
│   ├── audit-templates/               # Audit templates
│   │   ├── audit-template.xlsx        # Excel audit template
│   │   └── audit-template.csv         # CSV audit template
│   └── generators/                    # Report generators
│       └── generate-report.py         # Python report generator
├── docs-content/                      # Documentation
│   ├── GETTING-STARTED.md             # Getting started guide
│   ├── IMPLEMENTATION-GUIDE.md        # Implementation guidance
│   ├── API-REFERENCE.md               # API documentation
│   └── CONTRIBUTING.md                # Contribution guidelines
├── LICENSE                            # MIT License
└── README.md                          # This file
```
The CIS Critical Security Controls are a prioritized set of actions that collectively form a defense-in-depth set of best practices to mitigate the most common cyber attacks against systems and networks.
- 18 Controls organized into logical security domains
- 153 Safeguards providing specific implementation guidance
- 3 Implementation Groups (IG1, IG2, IG3) for prioritization based on organizational resources and risk
| Group | Safeguards | Target Audience |
|---|---|---|
| IG1 | 56 | Small/medium enterprises with limited cybersecurity expertise |
| IG2 | +74 (130 total) | Organizations with multiple departments and increased complexity |
| IG3 | +23 (153 total) | Enterprises with sensitive data and dedicated security teams |
- Inventory and Control of Enterprise Assets
- Inventory and Control of Software Assets
- Data Protection
- Secure Configuration of Enterprise Assets and Software
- Account Management
- Access Control Management
- Continuous Vulnerability Management
- Audit Log Management
- Email and Web Browser Protections
- Malware Defenses
- Data Recovery
- Network Infrastructure Management
- Network Monitoring and Defense
- Security Awareness and Skills Training
- Service Provider Management
- Application Software Security
- Incident Response Management
- Penetration Testing
No prerequisites needed! This is a static web application that runs entirely in the browser.
Simply visit the live demo to start using the tool immediately.
```bash
# Clone the repository
git clone https://github.com/SiteQ8/CIS-Audit-Tool.git

# Navigate to the project directory
cd CIS-Audit-Tool

# Open the docs folder (this is your web GUI)
cd docs

# Open index.html in your browser
# On macOS:
open index.html
# On Linux:
xdg-open index.html
# On Windows:
start index.html

# Or use a local server (recommended):
python -m http.server 8000
# Then visit: http://localhost:8000
```

- Fork this repository
- Go to Settings > Pages
- Select "main" branch and "/docs" folder as source
- Your site will be published at https://[your-username].github.io/CIS-Audit-Tool/
- Navigate to Audit Checklist: Click on "Audit Checklist" in the sidebar
- Filter Safeguards: Use filters to focus on specific Implementation Groups
- Mark Progress: Click checkboxes and update status for each safeguard
- Track Progress: View real-time progress indicators
- Add Notes: Document findings and implementation details
- Export Results: Download your audit report in multiple formats
- Browse Controls: Navigate to "Controls Explorer"
- View Details: Click on any control to see detailed information
- Filter & Search: Use filters to find specific controls
- Reference Safeguards: See all associated safeguards for each control
- Select Your IG Level: Navigate to "Implementation Groups"
- Review Requirements: Understand which safeguards apply to you
- Access Resources: Visit "Resources" for implementation guides
- Check Benchmarks: Reference relevant CIS Benchmarks for your technologies
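All audit progress is automatically saved to your browser's localStorage, so your work persists across sessions without requiring a database or server. Because localStorage is tied to one browser profile and site origin, progress is not shared across devices and is lost if site data is cleared; export a report to keep a copy.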
- JSON: Machine-readable format for integration
- CSV: Import into Excel or other tools
- HTML: Printable audit report
- PDF: Professional documentation (coming soon)
Advanced filtering options:
- Implementation Group: IG1, IG2, IG3
- Asset Type: Devices, Software, Data, Users, Network, Documentation
- Security Function: Identify, Protect, Detect, Respond, Recover, Governance
- Status: Not Started, In Progress, Completed, Not Applicable
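
The Implementation Group table and the status values above combine into a progress figure only once two rules are fixed: groups are cumulative, and "Not Applicable" must not count as completed. The following is an added example, not code from this project; the record shape (`id`, `ig`, `status`) and the function name `igProgress` are assumptions for illustration.

```javascript
// Added example: the record shape ({id, ig, status}) is an assumption,
// not the tool's actual export schema.
const STATUSES = ["Not Started", "In Progress", "Completed", "Not Applicable"];

function igProgress(records) {
  for (const r of records) {
    if (![1, 2, 3].includes(r.ig)) {
      throw new Error(`safeguard ${r.id}: invalid IG "${r.ig}"`);
    }
    if (!STATUSES.includes(r.status)) {
      throw new Error(`safeguard ${r.id}: unknown status "${r.status}"`);
    }
  }
  const out = {};
  for (const level of [1, 2, 3]) {
    // Groups are cumulative: IG2 scope = IG1 + IG2 safeguards, and so on.
    const inScope = records.filter((r) => r.ig <= level);
    const count = (s) => inScope.filter((r) => r.status === s).length;
    // "Not Applicable" leaves the denominator; it never counts as done.
    const applicable = inScope.length - count("Not Applicable");
    const completed = count("Completed");
    out[`IG${level}`] = {
      inScope: inScope.length,
      applicable,
      completed,
      // null (not 100 or NaN) when nothing is applicable, so an empty
      // scope cannot be read as full compliance.
      percent: applicable === 0
        ? null
        : Math.round((completed / applicable) * 1000) / 10,
    };
  }
  return out;
}

// Constructed sample records; `ig` is the lowest group that includes the safeguard.
const sample = [
  { id: "1.1", ig: 1, status: "Completed" },
  { id: "1.2", ig: 1, status: "In Progress" },
  { id: "1.3", ig: 2, status: "Completed" },
  { id: "1.4", ig: 2, status: "Not Applicable" },
  { id: "1.5", ig: 3, status: "Not Started" },
];
console.log(igProgress(sample));
```

Rejecting unknown status or IG values up front keeps a mistyped entry in an imported file from silently dropping out of the totals.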
We welcome contributions from the community! Here's how you can help:
- Report Bugs: Found a bug? Open an issue
- Suggest Features: Have an idea? Start a discussion
- Improve Documentation: Help make the docs better
- Submit Pull Requests: Fix bugs or add features
```bash
# Fork and clone the repository
git clone https://github.com/[your-username]/CIS-Audit-Tool.git

# Create a new branch
git checkout -b feature/your-feature-name

# Make your changes
# Test thoroughly

# Commit your changes
git commit -m "Add: your feature description"

# Push to your fork
git push origin feature/your-feature-name

# Open a Pull Request
```

- Getting Started Guide - Quick start guide
- Implementation Guide - Detailed implementation guidance
- API Reference - Technical documentation
- FAQ - Frequently asked questions
- CIS Controls v8.1 - Official CIS Controls page
- CIS Benchmarks - Download CIS Benchmarks
- CIS-CAT Pro - Automated assessment tool
- CIS SecureSuite - CIS membership program
- CIS Community - Join the CIS community
- SANS SEC566 - CIS Controls training
- Center for Internet Security (CIS) - For developing and maintaining the CIS Controls
- CIS Community - For collaborative development of security best practices
- Contributors - Thank you to all who have contributed to this project
This project is licensed under the MIT License - see the LICENSE file for details.
- CIS Controls® is a registered trademark of the Center for Internet Security
- This tool is not officially endorsed by the Center for Internet Security
- All CIS Controls content is used in accordance with CIS licensing terms
This tool is provided for reference and educational purposes. While it aims to accurately represent the CIS Controls v8.1, users should:
- Refer to official CIS documentation for authoritative guidance
- Validate all implementations against your organization's requirements
- Consult with security professionals for critical implementations
- Keep the tool updated with the latest CIS Controls versions
Project Maintainer: @SiteQ8
- GitHub Issues: Report bugs or request features
- LinkedIn: Connect for professional inquiries
- ✅ Complete CIS Controls v8.1 coverage
- ✅ Interactive audit checklist
- ✅ Implementation Group guidance
- ✅ Dark mode support
- ✅ Export functionality
- ⏳ PDF export for audit reports
- ⏳ Multi-user collaboration features
- ⏳ Integration with CIS-CAT Pro
- ⏳ Automated compliance scoring
- ⏳ Evidence attachment support
- 🔮 Backend API for team collaboration
- 🔮 Role-based access control
- 🔮 Custom control frameworks
- 🔮 Integration with SIEM tools
- 🔮 Automated remediation suggestions
Built with ❤️ by cybersecurity professionals, for cybersecurity professionals
"Security is not a product, but a process." - Bruce Schneier