CIS 18 Controls Assessment

Assess. Strengthen. Secure with Confidence.

At BDSOC Inc., we help organizations evaluate and align their security programs with the CIS Critical Security Controls Version 8. Our CIS 18 Controls Assessment delivers a comprehensive review of your current environment, identifies gaps, and provides a clear roadmap for improved cybersecurity maturity.

Our assessment is structured around the three implementation groups defined by the Center for Internet Security, customized to your organization's size and risk profile.

  • Inventory of hardware and software assets

  • Secure configuration for servers, endpoints, and cloud environments

  • Identity and access management

  • Vulnerability management practices

  • Malware defenses and antivirus controls

  • Audit log collection and monitoring

  • Email and web browser protections

  • Backup and recovery controls

  • Incident response planning and testing

  • Application software security

  • Data protection and encryption standards

  • Account monitoring and behavioral analytics

  • Awareness training and secure workforce behaviors

  • Implementation Group mapping (IG1, IG2, IG3)

  • Gap scoring and maturity tracking

What We Assess in CIS 18


The CIS Controls are globally recognized as a practical, prioritized cybersecurity framework.
Whether you're preparing for insurance reviews, vendor audits, or compliance programs like HIPAA, NY SHIELD, or NIST, aligning with CIS gives your organization a solid foundation.

Security issues we commonly identify:


✔ Lack of asset inventory or documentation
✔ Poor patch and vulnerability management
✔ Weak access controls or privilege creep
✔ Inadequate monitoring or logging
✔ Missing response plans or backup strategies

Why CIS 18 Controls Matter


Step 1: Discovery Session
We learn about your infrastructure, goals, and implementation group level.

Step 2: Control-by-Control Assessment
We evaluate your current controls using interviews, technical reviews, and policy analysis.

Step 3: Gap Analysis and Scoring
We measure your environment against the CIS framework and assign maturity ratings.

Step 4: Risk Prioritization
We map weaknesses to potential risk impact and provide remediation priorities.

Step 5: Roadmap and Reporting
We deliver a detailed action plan aligned with your business objectives and compliance needs.

Our CIS Assessment Process

  • New York-based with over 12 years of cybersecurity and compliance experience

  • Supporting both small healthcare companies and large enterprise environments

  • Assessments performed by certified professionals including CISSP, CISA, CISM, CRISC, CCISO, and PMP

  • Deep understanding of CIS, NIST, HIPAA, and NY SHIELD frameworks

  • Reports designed for both technical and executive audiences

Why Choose BDSOC Inc.


Two widely recognized frameworks for structuring an incident response plan are developed by NIST (National Institute of Standards and Technology) and SANS (SysAdmin, Audit, Network, Security). Both frameworks outline similar steps but differ in their approach:

NIST Framework

  1. Preparation

  2. Detection and Analysis

  3. Containment, Eradication, and Recovery

  4. Post-Incident Activity

SANS Framework

  1. Preparation

  2. Identification

  3. Containment

  4. Eradication

  5. Recovery

  6. Lessons Learned

Both frameworks emphasize the importance of preparation and continuous improvement in handling security incidents effectively.

Frameworks for Incident Response

Our Training Partners

Our Technology Partners


Get Started Today!

Let BDSOC help you align with CIS 18 Controls and strengthen your entire security program.