Press Release


 ISACA Issues New Audit and Assurance Program on CIS Controls™ 

Rolling Meadows, IL, USA (20 December 2017)The newest audit/assurance program from global technology association ISACA is based on  the CIS’® (Center for Internet Security’s®) CIS Controls, a prioritized set of actions to protect organizations and data from known cyber-attack vectors. The new ISACA audit program focuses on the critical role of the cybersecurity auditor responsible for the evaluation of a company’s cyber readiness.

The CIS Controls Audit/Assurance Program takes a high-level approach to providing assurance. Focusing on the primary security and controls for protection of sensitive data, intellectual property, networks and responsibility, and accountability for devices and information within the network, CIS Controls audits aim to achieve the following:

  • Provide management with an assessment of critical cybersecurity controls based on the CIS Controls, and evaluate their operational effectiveness
  • Identify internal control and regulatory deficiencies
  • Identify security control concerns that could affect the reliability, accuracy and security of enterprise data

“Since its earliest version, the CIS Controls have always recognized and supported the essential role of the audit community. Best practices don’t make a difference until senior decision-makers have confidence that the right security controls are in place, operating, and able to support decision-making. Our collaboration with ISACA is major step in building that confidence,” said CIS Sr. V.P. & Chief Evangelist Tony Sager.

The CIS Controls include 149 subcontrol activities, which lay out steps to assess design and operating effectiveness.  ISACA’s CIS Controls Audit and Assurance Program is designed for audit and assurance professionals with an understanding of good-practice cyber security controls and the underlying controls of IT infrastructure, databases and application controls.

For additional material on CIS and a better understanding on the role of a cyber defense framework, ISACA recommends “CIS Critical Security Controls for Effective Cyber Defense” and “A Measurement Companion to the CIS Critical Security Controls.” For more information on ISACA’s audit and assurance programs, please visit ISACA’s Audit and Assurance Programs page.



Nearing its 50th year, ISACA ( is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.




Michelle Micor, +1 .847. 385.7217,
Kristen Kessinger, +1.847.660.5512,
Jay Schwab, +1.847.660.5693,