Research Project: This is a free AI research project. No warranties, SLAs, or company associations. Learn more

Industry Standard Framework

CIS Controls v8 IG1Benchmarking

56 essential safeguards, continuously evaluated, across your entire MSP portfolio. The industry standard for cyber hygiene—automatically verified.

Start Free TrialBook a Demo
56
Safeguards
IG1 essential hygiene
24/7
Evaluation
Continuous monitoring
100%
Automated
Zero manual entry
30K+
Organizations
Use CIS globally

What is CIS IG1?

CIS Controls v8 is the gold standard for cybersecurity best practices, used by 30,000+ organizations globally. Implementation Group 1 (IG1) defines 56 safeguards for "essential cyber hygiene"—the minimum security every organization should have.

For MSPs, IG1 is the perfect baseline:

  • Aligns with what insurance carriers require
  • Achievable for SMB clients with limited budgets
  • Measurable, defensible, and industry-recognized

Control Categories

Inventory & Control of Assets
Controls 1-2 (7)
Data Protection
Controls 3 (4)
Secure Configuration
Controls 4 (8)
Account Management
Controls 5-6 (8)
Vulnerability Management
Controls 7 (4)
Audit Logging
Controls 8 (3)
Email & Browser Protection
Controls 9 (2)
Malware Defenses
Controls 10 (3)
Data Recovery
Controls 11 (5)
Network Management
Controls 12-13 (4)
Security Training
Controls 14 (3)
Service Provider Management
Controls 15 (2)
Application Security
Controls 16 (1)
Incident Response
Controls 17 (2)
The Difference

Continuous Evaluation, Not Point-in-Time Audits

Traditional compliance is a snapshot. You pass an audit, then drift for 364 days until the next one. BrainstormMSP evaluates CIS safeguards continuously.

AspectPoint-in-Time AuditContinuous Evaluation
FrequencyAnnualDaily/Real-time
Evidence freshness364 days staleAlways current
Drift detectionNoneInstant alerts
Prep time40+ hours<1 hour
ConfidenceLow (snapshot)High (continuous)
Every backup job
Control 11
Every GDAP change
Controls 5-6
Every Entra sync
Control 6
Every restore test
Control 11.5

Evidence From Your Existing Stack

We don't ask you to install new agents or fill out forms. Evidence flows from tools you already use.

Acronis Cyber Protect Cloud

  • Backup job statusCIS 11.2
  • Encryption settingsCIS 3.6
  • Restore verificationCIS 11.5
  • Agent deploymentCIS 1.1
  • Antivirus statusCIS 10.1

Microsoft GDAP

  • Admin accountsCIS 5.4
  • MFA statusCIS 6.4
  • Role assignmentsCIS 5.1
  • Privilege driftCIS 5.3

Microsoft Entra

  • User MFACIS 6.5
  • Conditional accessCIS 6.3
  • Guest accountsCIS 5.3
CIS Benchmark Report

Professional Reports for Every Client

Every client gets a professional, PDF-ready CIS benchmark report. Perfect for QBRs, insurance renewals, and board presentations.

  • Executive summary with overall score
  • Safeguard-by-safeguard breakdown
  • Evidence citations for each control
  • Gap analysis with remediation priorities
  • Trend over time (if historical data)
Get Your First Report
CIS IG1 Benchmark
December 2025
78%
Overall Score
44
Passing
8
Failing
4
N/A
Top Gaps
CIS 11.5 - Restore Testing
CIS 6.4 - MFA for Admins
CIS 3.6 - Data Encryption
Insurance Ready

CIS Alignment = Better Insurance Outcomes

Insurance carriers want to see structured security controls. CIS IG1 is exactly what they're looking for—and our evidence packs prove it.

Questionnaire Auto-Fill

CIS evidence maps directly to Coalition, Cowbell, and At-Bay questionnaire fields. 200+ answers pre-populated.

Evidence Packs

Download carrier-ready evidence packs with CIS safeguard citations, confidence scores, and supporting documentation.

Evidence-Based Renewals

CIS-aligned evidence packages give carriers the structured data they need for risk assessment.

Frequently Asked Questions

No. IG1 safeguards are prioritized by impact. Start with what you have evidence for, then work toward complete coverage. Our platform shows you which safeguards are already covered by your existing tools.
CIS IG1 is a controls framework, not a certification. It's less formal but more practical for SMBs. Many SOC 2 controls map directly to CIS. Insurance carriers often accept CIS alignment as evidence of security posture.
You'll see specific remediation steps for each failed safeguard. Many issues can be auto-remediated (e.g., enabling MFA, adjusting backup schedules). Failed safeguards are prioritized by risk impact.
Yes. CIS alignment is exactly what carriers look for. Our insurance evidence packs include CIS mapping, and we auto-populate questionnaires for Coalition, Cowbell, At-Bay, and other carriers.
Currently: Acronis Cyber Protect Cloud, Microsoft GDAP, and Microsoft Entra. We're adding ConnectWise, HaloPSA, Datto, and more. Each integration automatically maps to relevant CIS safeguards.
Evaluation frequency varies by control type. Backup status is checked hourly. GDAP configurations sync daily. Some controls (like MFA status) are evaluated on every login event.

Get Your First CIS Benchmark in 15 Minutes

No credit card required. 14-day trial. Cancel anytime.

Connect your Acronis account and see your CIS IG1 score today. No manual data entry required.

Start Free TrialBook a Demo