The CIS SANS Top 20 are a prioritized set of actions to defend against the vast majority of the most common attacks that are trusted by security leaders in both the private and public sector.
We help assess your organization with CIS SANS Top 20
CIS SANS Top 20 Risk Assessment
A risk assessment will evaluate the effectiveness of your entire security program and test your internal and external defenses using real-world attack scenarios.
Gap & Maturity Assessment
A controls gap assessment is designed to test your organization against each of the CIS SANS Top 20 security controls and prepare your organization for audit.
CIS SANS Top 20 Penetration Test
Designed to fully meet the requirements of CIS SANS Top 20, our network and web application penetration testing will validate the effectiveness of your security program by testing it against real-world attack scenarios.
Continuous Monitoring
We work with your technical teams to help develop a plan to meet your continuous monitoring requirements, and help you stay on top of your 30-60-90 day patch cycles.
Custom Framework Mapping
NightLion has developed proprietary compliance framework mapping tools to help your organization satisfy multiple audits without wasting redundant business resources.
Managed Security Programs
We will work with you and your organization to develop a technology agnostic managed security program to help satisfy control requirements.
In The Media
Bloomberg interview with Founder Vinny Troia
Cybersecurity Vulnerabilities Continue to Increase
The need for cybersecurity standards and best practices that address interoperability, usability and privacy continues to be critical for the nation. CIS SANS Top 20 includes a new Control for Email and Web Browser Protections, a deleted Control on Secure Network Engineering, and a re-ordering to make Controlled Use of Administration Privileges higher in priority.
— Data from CIS
Cybersecurity Blog
The latest news and insights into the world of cybersecurity
Case Study
Medical & Healthcare Industry
Night Lion provides IT audit and security control validation for Managed IT provider Specializing in Medical and Healthcare Systems