Center for Internet Security, CREST Join Forces to Secure Organizations Globally

Center for Internet Security, CREST Join Forces to Secure Organizations Globally

EAST GREENBUSH, N.Y., June 28, 2023 — The Center for Internet Security, Inc. (CIS®) today announced the launch of a joint initiative with CREST, an international not-for-profit accreditation and certification body, to help advance security and resilience to achieve better global cybersecurity.

As cyber threats continue to escalate to unprecedented levels globally, CIS and CREST are launching the CIS Controls Accreditation program to provide organizations a way to show customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Critical Security Controls (CIS Controls) underpinned by the rigorous standards of CREST accreditation.

Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. CIS Controls Accreditation is an exclusive opportunity for CIS SecureSuite Members (Controls, Consulting & Services, and Product Vendor) and CREST Members to offer consulting services to end user organizations who wish to demonstrate that their implementation of security best practices is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity. 

“The ability to digest all the data and controls from various devices and systems is essential in this massive shift to evidencing security,” said Tom Brennan, Executive Director, CREST Americas Region. “Together, CIS Controls and CREST accreditations give our joint members an accelerated path to meet risk and compliance requirements in addition to providing a methodology for continuously monitoring their security posture. By using CREST on top of the CIS Controls, security professionals can monitor security from infrastructure that can be observed, tested, and enhanced.”

The CIS Critical Security Controls are a set of globally-recognized and widely-used best practices that provide a prioritized path to improve an enterprise’s cybersecurity posture. This is the first initiative pairing the CIS Controls with a program to deliver accredited consulting.

“CIS is pleased to partner with CREST to provide end user organizations a selection of recognized consultants to advise on the implementation of and assessment against the CIS Controls,” said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. “We see this as a significant step forward in our efforts to secure enterprises and safeguard against current and emerging threats.

The joint CIS and CREST offering is available to members of both organizations here.  

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit 

About CREST

CREST is an international not-for-profit, membership body representing the global cyber security industry with the goal to help create a secure digital world for all. CREST focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration and proving security posture. Through rigorous quality assurance of its members and delivering professional certifications to the cyber security industry. CREST accredits over 350 member companies, operating across dozens of countries, and certifies thousands of professionals worldwide across governments, regulators, academic institutions, training partners, professional bodies and other stakeholders around the world. For more information, please visit us at https://www.crest-approved.org/