Glossary

Center for Internet Security

The Center for Internet Security (CIS) is a nonprofit that publishes security best practices, benchmarks, and controls used to protect IT and OT systems.

Cybersecurity and Defense Compliance

The Center for Internet Security (CIS) is a nonprofit organization that develops and publishes widely used cybersecurity best practices, reference frameworks, and configuration benchmarks. Its guidance is commonly applied to protect servers, workstations, network devices, cloud services, and in many cases industrial control and manufacturing systems that rely on standard IT components.

CIS in manufacturing and industrial environments

In industrial and regulated operations, CIS resources are often used as reference material when designing or improving cybersecurity programs. Typical uses include:

  • Using CIS Critical Security Controls (CIS Controls) as a prioritized checklist for security capabilities such as asset inventories, secure configuration, access control, logging, incident response, and penetration testing.
  • Applying CIS Benchmarks to harden operating systems, databases, network devices, and cloud platforms that host MES, historians, quality systems, or other production applications.
  • Referencing CIS materials when aligning plant or enterprise cybersecurity practices with broader regulatory or customer expectations.

CIS guidance is generally technology focused and voluntary. Organizations choose which controls and benchmarks to adopt based on their own risk assessments, system constraints, and validation requirements.

What CIS is and is not

  • Is: A source of consensus-based best practices, controls, and configuration guidelines for securing IT and, by extension, many OT-adjacent systems.
  • Is not: A regulator, standards body, or certification authority. CIS materials do not by themselves establish legal or regulatory compliance.

Common confusion

  • CIS vs. CIS Controls: The Center for Internet Security (CIS) is the organization. The CIS Critical Security Controls are one of its published frameworks.
  • CIS vs. regulatory standards: CIS documents can support alignment with security-related regulations or standards, but they are not regulations and do not replace sector-specific requirements.

Relation to the CIS Critical Security Controls

The Center for Internet Security maintains the CIS Critical Security Controls, a prioritized set of technical and procedural controls. Manufacturers sometimes use these controls as a structured reference when assessing security posture for production networks, plant-floor systems, and supporting IT infrastructure, while tailoring implementation to local risk and operational constraints.

Related Blog Articles

NIST 800-53 Security Controls: Catalog Overview and Industrial Context

What is NIST SP 800-53? NIST Special Publication 800-53, Revision 5, finalized in September 2020, is a comprehensive catalog of security and privacy controls for information systems and organizations. Published by the National Institute of Standards and Technology, this document provides over 1,000 individual security controls organized across 20 control families. The catalog serves as…

Related FAQ

There are no available FAQ matching the current filters.

Related Glossary

There are no available Glossary Terms matching the current filters.
Let's talk

Ready to See How C-981 Can Accelerate Your Factory’s Digital Transformation?

Request a Demo

product

Shopfloor OperationsSupply Chain & ProcurementMROSolutionsRequest a Demo

Resources

BlogCommunitySecurity & ComplianceAPI & IntegrationsTalk to an Aerospace Expert

About

About UsPrivacy PolicyCookie PolicyTerms of ServiceContact Us

© 2026 Connect 981. All rights reserved.