EssentialScore (Essential Eight)·CISScore (CIS Controls)·PrivacyScore (Privacy Act)·CyberInsureReady (Cyber Insurance)
CIS Controls v8.1 · Implementation Group 1

Does your business meet the CIS Controls standard?

The CIS Critical Security Controls are the global benchmark for cyber hygiene. Take our free 44-question assessment and get your IG1 score — with the policies to close every gap.

No account required · All scoring happens in your browser · 5 minutes

Trusted by Australian SMBs·Free PDF report included·No email required

18

CIS Controls

56

IG1 Safeguards

6

NIST CSF Functions

44

IG1 Questions

How CISScore Works

From assessment to actionable policies in under 10 minutes.

1

Free Assessment

44 questions across 16 IG1 controls. Plain English. 5 minutes. No account needed.

2

Your CIS Score

Per-control scores across all 6 NIST CSF security functions. See exactly where you stand.

3

Policy Bundle

Tailored policies for every gap. PDF + Word. References specific CIS safeguard numbers.

What is CIS IG1?

The Center for Internet Security (CIS) developed 18 Critical Security Controls — the globally-recognised standard for cybersecurity best practices. Implementation Group 1 (IG1) defines the 56 foundational safeguards that every organisation should implement, regardless of size or resources.

IG1 is called "essential cyber hygiene" — it is the baseline. It covers 6 security functions:

Govern
Identify
Protect
Detect
Respond
Recover

CISScore maps every assessment question to specific CIS safeguard numbers, so you always know exactly where you stand.

CIS IG1 Maps to Industry Frameworks

Implementing CIS IG1 gives you a strong foundation for any of these frameworks.

ISO 27001NIST CSF 2.0PCI DSSHIPAAGDPRACSC Essential Eight

Simple, Transparent Pricing

The assessment is free. The policies are $99, one-time.

Free

$0

No account required

  • Full 44-question IG1 assessment
  • Per-control scores (all 16 controls)
  • NIST CSF function breakdown
  • Top 5 critical risk findings
  • All scoring runs in your browser
Start Free Assessment →
Most Popular

Policy Bundle

$99 AUD

One-time payment

  • Everything in Free
  • Tailored policy per gap area
  • References specific CIS safeguard numbers
  • Aligned to CIS Controls v8.1 IG1
  • Download as PDF and Word format
  • Ready to implement immediately

Not affiliated with the Center for Internet Security®

🔒 Payment processed by CyberPosture · Secured by Stripe

Start Assessment → Get Policies

Australian SMB Cybersecurity Suite

Free assessments covering every compliance framework Australian businesses need.

EssentialScoreACSC Essential Eight — 71 questions across all 8 controls. The Australian government mandate for SMB cybersecurity compliance.Free assessment →PrivacyScoreAustralian Privacy Act 1988 — 15 questions covering the 13 APPs and data breach obligations. The small business exemption is being removed.Free assessment →CyberInsureReadyCyber Insurance Readiness — 20 questions across 5 underwriting domains. Know if your business is insurable before your insurer does.Free assessment →

Frequently Asked Questions

What is CIS IG1 and who is it for?
CIS Implementation Group 1 (IG1) is the foundational tier of the CIS Controls framework — 56 safeguards that every organisation should implement regardless of size or technical sophistication. It is specifically designed for small businesses with limited IT resources.
How is CISScore different from the official CIS CSAT tool?
CISScore is designed for non-technical SMB owners. Our 44-question assessment uses plain English, takes 5 minutes, and maps directly to specific IG1 safeguards. The official CIS CSAT is a comprehensive enterprise tool requiring cybersecurity expertise to use effectively.
Do the generated policies meet CIS Controls requirements?
Our tailored policies are aligned to CIS Controls v8.1 IG1 safeguards and reference specific safeguard numbers throughout. They are professional-grade policy templates ready to implement. We recommend having your IT advisor review them before formal adoption.
How long does the assessment take?
The 44-question assessment takes approximately 5 minutes for a business owner familiar with their IT setup. All questions are in plain English — no technical expertise required.
How do CIS Controls compare to the Essential Eight?
Both are practical cybersecurity frameworks aimed at reducing real-world risk, but they differ in scope and origin. The Essential Eight is published by the Australian Cyber Security Centre (ACSC) and focuses on eight specific mitigation strategies — particularly strong on application control, patching, and Microsoft Office macro restrictions. CIS Controls v8.1 is a broader US-developed framework covering 18 control areas and 153 safeguards across three implementation groups (IG1–IG3). For Australian SMBs, the Essential Eight sets a recognised baseline that aligns well with government and regulatory expectations. CIS Controls IG1 covers similar ground but goes further — encompassing areas like audit logging, incident response, and security awareness training that the Essential Eight does not explicitly address. Many Australian organisations find value in completing both: Essential Eight for regulatory alignment and CIS Controls for a more comprehensive security posture.