CIS Controls v8, mapped automatically.
Track all 18 CIS Controls and their Safeguards across Implementation Groups IG1, IG2, and IG3 — with real-time coverage scoring and continuous evidence.
CIS Controls are precise. Tracking them shouldn't be a full-time job.
CIS Controls v8 gives security teams a prioritised, prescriptive list of 153 safeguards across 18 controls. The Implementation Group model means smaller organizations can start with IG1 and scale toward IG3 — but only if they have visibility into where they stand today.
Without continuous tracking, IG coverage is a guess. Safeguards go unmeasured, control effectiveness is assumed, and auditors receive assertions instead of evidence.
No visibility into IG coverage gaps
Most teams don't know which IG1 safeguards they've satisfied vs. which remain open. Without automated tracking, even "basic hygiene" coverage is opaque.
Manual safeguard tracking is error-prone
Spreadsheet-based CIS tracking drifts immediately. A safeguard documented as implemented in Q1 may be silently broken by Q2. Static records don't reflect live posture.
Can't prove control effectiveness to auditors
Auditors want to see that controls are actually working — not just documented. Without continuous evidence, every audit requires a labour-intensive evidence sprint.
18 controls. Continuously evidenced.
Vimy maps your security operations to the CIS Controls v8 safeguard catalogue. As connectors collect telemetry and your team responds to threats, safeguard evidence accumulates automatically — across all three Implementation Groups.
Enterprise and software asset inventory. Vimy's connector integrations surface your cloud, network, and software asset footprint, feeding safeguards 1.1–2.7 with live inventory data.
Data classification, retention, encryption, and access controls. Vimy maps encryption posture, DLP signals, and data access events to CIS 3 and CIS 4 safeguards continuously.
Account lifecycle, privilege management, and MFA enforcement. Vimy's identity connectors track account creation, privilege escalation, and MFA status across your environment.
Vulnerability management and audit log management. Vimy's telemetry pipeline and security batteries generate continuous evidence for monitoring safeguards — the highest-value CIS controls for most organizations.
Incident response program and penetration testing. Vimy's TRO workflow, incident timelines, and response playbooks satisfy CIS 17 safeguards on every resolved incident.
Application security testing, code review, and vulnerability tracking. Vimy aggregates application security signals and maps findings to CIS 16 safeguards across your development pipeline.
From IG1 basics to IG3 maturity — covered.
Implementation Group Tracking
See your IG1, IG2, and IG3 coverage scores separately. Know exactly which foundational safeguards are satisfied before advancing to higher implementation groups.
Safeguard Evidence Collection
Every security event, configuration check, and response action is automatically mapped to the relevant CIS safeguard. Evidence is timestamped and immutable — audit-ready from day one.
Coverage Score Dashboard
A real-time coverage score for each of the 18 controls — broken down by safeguard. Identify which controls are most exposed and prioritise remediation with risk-weighted scoring.
Audit-Ready Reports
Generate CIS Controls v8 alignment reports on demand — filtered by control, safeguard, or IG level. Share with auditors, cyber insurers, or customers without manual evidence packaging.
From IG1 to IG3.
Connect your infrastructure
Plug in your existing security tools. Each connector immediately begins mapping telemetry to CIS Controls safeguards — starting with the IG1 basics that matter most.
Review your IG coverage
Vimy surfaces your current IG1, IG2, and IG3 coverage scores immediately. See which safeguards are satisfied, which are partially covered, and which need attention.
Report and advance continuously
Share your CIS coverage report with auditors or leadership. As your controls mature, your scores improve automatically — no annual evidence sprint required.
See your CIS coverage
through Vimy.
We'll connect to your environment and show you which CIS Controls v8 safeguards are satisfied immediately — and which IG level you're operating at.