Originally developed in 2008 and currently on version 6.1, The Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (known as the CIS Top 20 Controls) are, “a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks.” Seen as a starting point for prioritizing cyber defense, the CIS Top 20 Controls map to many existing frameworks such as the NIST Cybersecurity Framework, NIST 800-53, ISO 27000 and regulations such as PCI, HIPAA, NERC CIP, and FISMA. The Top 20 CIS Controls have been adopted by thousands of enterprises worldwide.
Download the tech brief "Identifying and Mitigating IT Risk with the Top 20 CIS Controls" and gain compliance. Download now
If you’re just getting started with the CIS Top 20 Controls, or are looking for a way to make better use of those controls with the multiple regulations your organization is beholden to, good news! We’ve already done the work of mapping BeyondTrust’s solutions for privileged access management and vulnerability management to the controls. In fact, BeyondTrust solutions address all or part of 19 out of the 20 controls, and each of the all-important First 5 CIS Controls that seek to address the majority of cyber risks. Check out the graphic below.
Scroll ------> for more
PowerBroker Platform | Retina CS | Retina Network Security Scanner | BeyondSaaS | PowerBroker Endpoint Protection | PowerBroker Password Safe | PowerBroker for Windows | PowerBroker for Mac | PowerBroker for Unix & Linux | PowerBroker for Sudo | PowerBroker Identity Services | PowerBroker Auditing & Security | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
1. Inventory of Authorized and Unauthorized Devices | ● | ● | ● | ◖ | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ◖ |
2. Inventory of Authorized and Unauthorized Software | ● | ● | ● | ◖ | ● | ○ | ○ | ○ | ○ | ○ | ○ | ○ |
3. Secure Configurations for Hardware & Software | ● | ● | ● | ◖ | ◖ | ○ | ● | ● | ● | ● | ○ | ○ |
4. Continuous Vulnerability Assessment & Remediation | ● | ● | ● | ◖ | ● | ○ | ● | ○ | ○ | ○ | ○ | ○ |
5. Controlled Use of Administrative Privileges | ● | ○ | ○ | ○ | ◖ | ● | ● | ● | ● | ● | ◖ | ● |
Scroll ------> for more
● = Covered
◖ = Partially covered
○ = Not covered
For a complete mapping of BeyondTrust solutions to the full list of the Top 20 Controls, be sure to download the white paper today! If you’re ready, schedule a strategy session with us and we’ll talk about implementing these controls organization-wide!

Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.