EssentialScore (Essential Eight)·CISScore (CIS Controls)·PrivacyScore (Privacy Act)·CyberInsureReady (Cyber Insurance)
CIS Controls v8.1 · International Cybersecurity Standard

CIS Controls v8.1 Assessment for Australian SMBs

Self-assess your CIS Controls IG1 implementation. Map your results to ISO 27001, NIST CSF, and PCI DSS automatically. Free assessment — no account required.

Start free assessmentContact support

What are the CIS Controls?

The CIS Controls (Center for Internet Security Controls) are a globally recognised set of prioritised cybersecurity actions, now in version 8.1. They are organised into three Implementation Groups — IG1 is the essential cyber hygiene baseline, covering 56 safeguards that address the most common attack vectors.

CIS Controls are widely referenced by cyber insurers, ISO 27001 auditors, and enterprise clients. The CISScore assessment maps your IG1 compliance and automatically cross-references your results to ISO 27001 Annex A, NIST CSF, and PCI DSS.

Pricing

CIS Controls Assessment Pricing

Self-assessment

Free

Full CIS Controls v8.1 IG1 assessment with instant score across all 18 control families.

  • 18 control families
  • IG1 & IG2 scoring
  • Gap analysis
  • No account required
Start assessment
Most Popular

IG1 policy bundle

$99one-time

Pre-written policy templates aligned to CIS Controls IG1, ready to customise and implement.

  • Policy templates for all IG1 controls
  • Word format, fully editable
  • Aligned to CIS v8.1
  • Immediate download
Get started

Framework mapping report

$149one-time

Your CIS Controls results mapped to ISO 27001, NIST CSF, and PCI DSS — in one downloadable report.

  • ISO 27001 annex mapping
  • NIST CSF crosswalk
  • PCI DSS control alignment
  • PDF + Word download
Get started

Ready to assess your CIS Controls maturity?

Free assessment. No account required.

Start free assessment

CIS Controls Assessment FAQs

What are the CIS Controls?

The CIS Controls are a prioritised set of cybersecurity actions organised into three Implementation Groups. IG1 is the essential cyber hygiene baseline covering 56 safeguards — appropriate for most SMBs and the most impactful starting point.

Is the CIS Controls assessment free?

Yes. The full CIS Controls v8.1 IG1 assessment is completely free with no account required. Paid options are the IG1 policy bundle ($99) and the framework mapping report ($149).

What is IG1 and do I need to do more?

IG1 (Implementation Group 1) covers 56 safeguards across 15 controls — the essential cyber hygiene baseline for most SMBs. IG2 and IG3 add more advanced controls for organisations with sensitive data or complex infrastructure.

How do CIS Controls relate to ISO 27001?

The CIS Controls map closely to ISO 27001 Annex A controls. Our framework mapping report shows which CIS safeguards correspond to ISO 27001 controls, NIST CSF functions, and PCI DSS requirements.

How do CIS Controls relate to the ACSC Essential Eight?

Both frameworks address similar threats from different angles. The Essential Eight is the Australian government standard; CIS Controls is the international best-practice framework. Many Australian SMBs complete both to satisfy different audiences — government clients typically require Essential Eight, enterprise clients often reference CIS Controls.

What do I get with the paid policy bundle?

The $99 IG1 policy bundle includes pre-written policy templates for all IG1 controls in Word format, fully editable and aligned to CIS v8.1 guidance, ready to implement immediately.