Center for Internet Security
Simplify security management with CIS SecureSuite Platform
New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean …
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach …
Download: Secure Foundations for AI Workloads on AWS
Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images …
Prompt injection tags along as GenAI enters daily government use
Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for …
CIS Benchmarks March 2026 Update
The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates below. Each …
Secure by Design: Building security in at the beginning
Secure by Design is not a single tool, product, or one‑time activity. It is a holistic approach that requires security to be deliberately embedded from the very beginning, at …
How Secure by Design helps developers build secure software
Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean …
CIS, Astrix, and Cequence partner on new AI security guidance
The Center for Internet Security, Astrix Security, and Cequence Security announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks …
CISA says it will fill the gap as federal funding for MS-ISAC dries up
The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the …
Download: Cyber defense guide for the financial sector
Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s …
Local governments struggle to defend critical infrastructure as threats grow
A small-town water system, a county hospital, and a local school district may not seem like front-line targets in global conflict, but they are. These organizations face daily …
Back to basics webinar: The ecosystem of CIS Security best practices
Generative AI models, multi-cloud strategies, Internet of Things devices, third-party suppliers, and a growing list of regulatory compliance obligations all require the same …
Featured news
Resources
Don't miss
- Klue breach lead to Salesforce data theft, Huntress affected
- Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
- Your browser tab could become encrypted storage for someone else’s files
- Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned
- 74,000 Fortinet firewall credentials exposed in FortiBleed data leak