The Center for Internet Security Risk Assessment Method (CIS RAM) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls)  cybersecurity best practices. The CIS RAM Family of Documents provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.

Family of Documents: 

  • CIS RAM Core v2.2
  • CIS RAM for Implementation Group 1 (IG1) v2.2 and Companion Workbook
  • CIS RAM for Implementation Group 2 (IG2) v2.2 and Companion Workbook
  • CIS RAM for Implementation Group 3 (IG3) v2.2 & Companion Workbook
  • CIS RAM and the VERIS Community Database 

Complete the form to start downloading CIS RAM v2.2 for CIS Controls v8.1.

Security at Every Level

Developed by HALOCK Security Labs in partnership with CIS, CIS RAM provides three separate security approaches to support different levels of organizational capability.

  • New to risk analysis? You can use CIS RAM’s instructions for modeling foreseeable threats against the CIS Controls as your organization applies them.
  • Experienced with cybersecurity? Follow instructions for modeling threats against information assets to determine how the CIS Controls should be configured to protect them.
  • Cyber risk expert? Use CIS RAM’s instructions for analyzing risks based on “attack paths” using CIS’ Community Attack Model.

Looking for a Previous Version?
CIS RAM for Controls v8 and v7.1 are available for download.

Download CIS RAM

Fill out the form below to get started.
Is your organization a U.S. State, Local, Tribal, or Territorial (SLTT) or other non-federal U.S. government institution (including public education and critical infrastructure)?

^ By submitting the form, I have reviewed the CIS Privacy Notice, which details the way in which CIS utilizes personal data, including the use of standard web beacons and cookies.

* Indicates required field

If you experience any issues during registration, please contact us at learn@cisecurity.org.