Center for Internet Security
Simplify security management with CIS SecureSuite Platform
New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean …
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach …
Download: Secure Foundations for AI Workloads on AWS
Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images …
Prompt injection tags along as GenAI enters daily government use
Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for …
CIS Benchmarks March 2026 Update
The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates below. Each …
Secure by Design: Building security in at the beginning
Secure by Design is not a single tool, product, or one‑time activity. It is a holistic approach that requires security to be deliberately embedded from the very beginning, at …
How Secure by Design helps developers build secure software
Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean …
CIS, Astrix, and Cequence partner on new AI security guidance
The Center for Internet Security, Astrix Security, and Cequence Security announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks …
CISA says it will fill the gap as federal funding for MS-ISAC dries up
The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the …
Download: Cyber defense guide for the financial sector
Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s …
Local governments struggle to defend critical infrastructure as threats grow
A small-town water system, a county hospital, and a local school district may not seem like front-line targets in global conflict, but they are. These organizations face daily …
Back to basics webinar: The ecosystem of CIS Security best practices
Generative AI models, multi-cloud strategies, Internet of Things devices, third-party suppliers, and a growing list of regulatory compliance obligations all require the same …
Featured news
Resources
Don't miss
- China-linked spies backdoored authentication stack to stay hidden for years
- AI vulnerability discovery is pushing 2026 CVEs toward 66,000
- PhishLumos: Exposing phishing campaigns that evade detection by hiding content
- Onspring CISO on where automated GRC systems fall short
- Open-source CI/CD abuse detector guards against stolen credential attacks