Generators→CIS Controls v8 Gap Assessment

CIS Controls v8 Gap Assessment Generator

Assess your organisation's security posture against all 18 CIS Controls v8 safeguards across IG1/IG2/IG3 implementation groups. Get a scored gap report with prioritised remediation roadmap. Ideal for SMBs, US market, and SOC 2 / ISO 27001 preparation.

CIS Controls v8IG1 / IG2 / IG318 ControlsUS SMBSOC 2 Alignment

What this generates: A scored CIS Controls v8 gap assessment report with per-control status, Implementation Group analysis, critical gaps prioritised by impact, and a phased remediation roadmap with effort estimates. Maps to SOC 2 and ISO 27001.

Company & Scope→

18 CIS Controls

Company & Assessment Details

Company Name *

Company Website

Country *

Industry

Team Size

Assessment Date

Assessor Name *

Assessor Title

Assessor Email

Target Implementation Group

CIS Controls v8 groups safeguards by organisational size and resources. IG1 = all orgs, IG2 = adds more controls, IG3 = most mature.

IG1 — Essential Cyber Hygiene (all organisations)

The minimum standard of information security for all enterprises. Focuses on basics: inventory, patching, MFA, backups, IR. Ideal for small teams or pre-SOC 2.

IG2 — IG1 + Foundational Security (recommended for most SaaS)

For teams that must manage more complex infrastructure or handle sensitive data. Adds vulnerability scanning, SIEM, application security, pen testing. SOC 2 / ISO 27001 aligned.

IG3 — IG1 + IG2 + Advanced (large/regulated orgs)

Adds the most advanced controls. Required for heavily regulated industries, large enterprises, FedRAMP, or those handling national security information.

Additional Context

CIS Controls v8 Gap Assessment Generator

Company & Assessment Details

Target Implementation Group

Cloud Providers

Existing Security Tools