Atumcell | Free Tool | ~5 Minutes | Instant Results

CIS 18 Controls Self-Assessment

How well are your security fundamentals actually covered?

The CIS 18 Critical Security Controls are the baseline that cyber insurers, investors, and regulators now expect. CIS 18 is increasingly used as the benchmark in post-incident reviews and M&A due diligence.

This free self-assessment covers all 18 CIS control areas in 18 questions. No login needed. Takes only a few minutes. Get your personalized gap report instantly.

What you'll get

  • A score across all 18 CIS control areas
  • A clear breakdown of where your gaps are
  • Recommended next steps based on your answers

Section 1: Asset Management

CIS Control 1

1. Do you maintain an up-to-date inventory of all hardware assets on your network?

CIS Control 2

2. Do you maintain an up-to-date inventory of all software and applications in use?

Section 2: Data Protection

CIS Control 3

3. Do you have a formal data management and classification policy?

Section 3: Secure Configuration

CIS Control 4

4. Do you maintain secure configurations for all enterprise hardware and software?

Section 4: Access Control

CIS Control 5

5. Do you manage accounts and credentials — including privileged accounts — with formal controls?

CIS Control 6

6. Do you enforce multi-factor authentication across critical systems and remote access?

Section 5: Vulnerability Management

CIS Control 7

7. Do you run continuous vulnerability management across your environment?

CIS Control 8

8. Do you have a formal audit log management process?

Section 6: Network Defense

CIS Control 9

9. Do you have documented and enforced controls for email and web browser security?

CIS Control 10

10. Do you have malware defenses deployed and actively managed across your environment?

CIS Control 11

11. Do you manage and secure your organization's data recovery capabilities?

CIS Control 12

12. Do you actively manage and monitor your network infrastructure?

CIS Control 13

13. Do you have network monitoring and threat detection capabilities in place?

Section 7: Security Awareness & Service Providers

CIS Control 14

14. Do you run a formal security awareness and training program?

CIS Control 15

15. Do you have a formal service provider management process?

Section 8: Application Security

CIS Control 16

16. Do you have a documented and tested application security program?

Section 9: Incident Response

CIS Control 17

17. Do you have a documented and tested incident response plan?

CIS Control 18

18. Do you run penetration tests or red team exercises against your environment?

Need help closing your CIS 18 gaps?

Atumcell helps PE-backed companies and enterprise teams build security programs that hold up to scrutiny — from penetration testing and vulnerability management to CISO-as-a-Service and OT network monitoring.

Used by security teams across financial services, manufacturing, energy, and private equity portfolios.