ROI Technologies
Back to Blog
Cybersecurity24 June 2026

What is CIS? Understanding the Center for Internet Security

Learn what CIS is, what CIS Benchmarks are, and how a CIS Assessment helps South African businesses identify security gaps and reduce cyber risk.

If you're responsible for managing IT systems, you've probably heard the term CIS before — but what exactly is it?

CIS stands for the Center for Internet Security, a globally recognised organisation that develops cybersecurity best practices used by businesses, governments, and security professionals around the world.

Watch: What is CIS?

What are CIS Benchmarks?

One of CIS's most widely used resources is the CIS Benchmarks — recommended security configurations for technologies such as:

  • Microsoft 365
  • Active Directory
  • Windows Server
  • SQL Server
  • FortiGate firewalls
  • Sophos firewalls

Think of them as a blueprint for secure configuration. Instead of relying on guesswork, organisations can compare their systems against proven industry standards to identify weaknesses and reduce risk.

What Does a CIS Assessment Answer?

A CIS assessment helps answer one important question:

"Is our environment configured according to recognised security best practices?"

Many organisations invest in security products — firewalls, endpoint protection, Microsoft 365 licences — but never verify whether those products are actually configured correctly. A CIS assessment closes that gap.

Why Configuration Matters as Much as the Product

Cybersecurity isn't just about having security products. It's about ensuring they're configured according to recognised industry standards. A misconfigured firewall or an Active Directory environment with weak password policies creates risk regardless of what security software is installed.

How ROI Technologies Conducts CIS Assessments

At ROI Technologies, we use professional CIS auditing tools to assess environments against the CIS Benchmarks. Our process identifies security gaps across your Microsoft 365 environment, Active Directory, Windows Server infrastructure, and network firewalls — and provides a prioritised remediation plan to improve your overall security posture.

Ready to Find Out How Your Environment Measures Up?

A CIS Assessment gives you a clear, evidence-based picture of your security configuration — no guesswork, no assumptions.

Contact ROI Technologies to book your CIS Assessment today.

Need IT or Cybersecurity help in South Africa?

Talk to ROI Technologies — Johannesburg-based, certified, vendor-agnostic.

Contact Us