CIS v8 Compliance Platform

100s of hours saved on compliance

54% less compliance costs

12 weeks to get compliant

Build CIS v8 governance without creating another compliance workstream

Manage CIS v8 readiness, cyber controls, assets, suppliers, evidence, policies, assurance tasks and reporting in one connected platform.

The CIS Controls are one of the most practical cyber security frameworks available.

They are designed to help organisations focus on the security actions that matter most: knowing what assets you have, managing software, protecting data, controlling access, hardening systems, monitoring activity, managing vulnerabilities, preparing for incidents and testing security over time.

It is especially valuable when customers, investors, insurers, procurement teams or enterprise partners want evidence that your cyber controls are not just documented, but actually managed.

CIS v8 touches assets, software, data, access, configuration, vulnerabilities, logging, malware protection, recovery, network security, suppliers, application security, awareness, incident response and penetration testing. If each of those areas sits in a different spreadsheet, ticketing system, folder, screenshot or consultant report, your cyber posture becomes difficult to explain and harder to defend.

de.iterate helps organisations manage CIS v8 as part of one connected cyber and data governance programme.

Instead of treating CIS v8 as another checklist, de.iterate connects the doing parts: risks, controls, policies, evidence, suppliers, assets, data, assurance tasks and audit packs.

Compliance gives you a certificate. Risk management gives you confidence.

What is CIS v8?

CIS v8 refers to version 8 of the CIS Critical Security Controls, published by the Center for Internet Security.

The CIS Controls are a prioritised set of cyber security safeguards designed to help organisations defend against the most common and important cyber attacks. CIS v8 helps you work out which cyber security actions matter most, and in what order to approach them.

The framework is practical by design. It is built around security actions that can be implemented, measured and improved over time.

CIS v8 is not just for large enterprises. It can help small and mid-sized organisations establish a practical cyber baseline, then build towards more mature cyber governance. It is also useful because the CIS Controls align with, support or map to many other security and compliance frameworks.

That makes CIS v8 a strong foundation for organisations working across ISO 27001, SOC 2, Cyber Essentials, NIS2, DORA and broader supplier assurance.

What is de.iterate?

de.iterate helps organisations turn CIS v8 from a control list into a living management system.

Instead of managing the CIS Controls through disconnected spreadsheets, screenshots, IT notes and manual reminders, de.iterate gives your team one platform to connect the moving parts of cyber risk management.

Your controls connect to your risks. Your risks connect to your assets. Your suppliers connect to your evidence. Your policies connect to your assurance tasks. Your leadership team can see what is current, overdue or at risk.

That is the difference between collecting compliance evidence and running a management system.

CIS v8 is especially useful for UK and international organisations that need a practical cyber baseline before moving into broader frameworks such as ISO 27001, SOC 2, Cyber Essentials, NIS2, DORA, UK GDPR, EU GDPR or AI governance.

A lot of compliance tools help you gather evidence. de.iterate helps you build confidence that your risks are managed.

Benefits of CIS v8 readiness with de.iterate

A lot of compliance tools help you collect evidence. de.iterate helps you build assurance.

CIS v8 is not just about producing evidence after the fact.

It is about building the operating rhythm behind cyber hygiene: clear ownership, active risk management, asset visibility, supplier oversight, vulnerability management, policy governance, evidence capture, incident readiness and management reporting.

de.iterate helps organisations move from reactive compliance activity to a more defensible cyber governance program.

Accelerate time to assurance

With structured workflows, ready-to-use frameworks and a clearer path to implementation, de.iterate helps you make progress faster. Instead of wasting time on admin and disconnected documents, you can focus on building a stronger, audit-ready ISMS.

Strengthen supply chain assurance

Cloud providers, software platforms, outsourced IT, managed service providers, contractors and other service providers can all affect your security posture. CIS v8 recognises the importance of this.

de.iterate helps connect suppliers to risks, assets, controls, contracts, evidence, reviews and assurance tasks, so third-party cyber risk is easier to manage and easier to explain.

Be ready for audits and reviews

Cyber risk does not wait for audit season. Assets, users, suppliers, vulnerabilities, AI use and customer expectations all change. de.iterate helps you maintain assurance through recurring tasks, review cycles, evidence capture, ownership tracking and reporting, so your team can show progress and control between formal review points.

Reduce duplication across frameworks

Most organisations preparing for CIS v8 are not starting from a blank page. They may already be working with ISO 27001, DORA, Cyber Essentials, or SOC 2. The problem is that each framework often creates another register, another evidence request and another reporting process.

de.iterate reduces that duplication by connecting your controls, risks, policies, assets, suppliers and evidence across frameworks through one management system.

Identify gaps earlier & act faster

de.iterate helps you see where your control environment is strong and where it needs attention. By connecting evidence, ownership and assurance tasks, the platform helps your team prioritise action before issues become customer blockers, audit problems or board-level concerns.

Migrate quickly & easily

If you already manage NIS2, ISO 27001 or broader compliance in spreadsheets, folders or another tool, moving to de.iterate does not mean starting again. de.iterate’s Management System Migration Tool helps bring across existing policies, registers and supporting documentation from legacy systems, so you can preserve the work you have already done and move into a more structured operating model.

Everything you need to run and prove CIS v8 readiness

Governance and policy management

Create, manage and review the policies and procedures that support CIS v8, including asset management, software management, data protection, secure configuration, account management, access control, vulnerability management, logging, malware protection, recovery, supplier management, secure development, security awareness, incident response and penetration testing.

Keep documents current, assigned and connected to the controls and risks they support.

Assurance and evidence

Operationalise CIS v8 through assurance tasks, checklists, evidence collection and review cycles.

Store contextual evidence against the relevant risk, control, supplier, policy or asset, rather than leaving it scattered across screenshots, folders, inboxes or ticketing systems.

This gives your team a clearer evidence trail and reduces the scramble when customers, auditors, partners or stakeholders ask for proof.

Risk and other registers

CIS v8 readiness depends on knowing what matters, who owns it, what it depends on and how it is controlled.

Use de.iterate to connect your risk register, asset register, supplier register, incident register, data register and control environment, so your cyber governance programme reflects how the business actually operates. This helps your team manage scope, ownership, treatment plans, supplier dependencies, reviews, evidence and reporting in one place.

Automation where it helps. Context where it matters.

CIS v8 is practical, but it is not a substitute for judgement.

A platform can help organise evidence, map controls, track actions, highlight gaps and reduce repetitive administration. But it cannot replace business judgement.

It cannot decide whether a supplier risk is acceptable. It cannot decide whether an incident is material. It cannot decide whether a control is effective in the context of your organisation. It cannot make management accountable.

That judgement still needs people who understand the business, the risks, the systems and the customers.

That is where de.iterate is different. We do not compete on evidence collection. We compete on confidence.

de.iterate helps surface risk wherever it sits in your business and supports the governance work that follows. AI and automation can sharpen the judgement, but humans remain accountable.

That is how CIS v8 readiness becomes more than a compliance project. It becomes part of a living risk management program.

Frequently Asked Questions

Got questions? Luckily, we've got answers!

After all, we're here to help you get your ducks in a row.

What is CIS v8?

CIS v8 is version 8 of the CIS Critical Security Controls, a prioritised set of cyber security safeguards published by the Center for Internet Security.

The controls help organisations focus on the security actions most likely to reduce common cyber risk.

Who should use CIS v8?

CIS v8 is useful for organisations of many sizes and sectors.

It is especially helpful for small and mid-sized digital-first businesses that want a practical cyber security baseline, or organisations that need to strengthen cyber control maturity before moving into ISO 27001, SOC 2, Cyber Essentials, NIS2-aligned readiness, DORA-aligned readiness or customer assurance.

Is CIS v8 a certification?

CIS v8 is primarily a control framework, not a certification in the same way as ISO 27001 or Cyber Essentials.

It helps organisations structure, prioritise and measure cyber security controls. Many organisations use CIS v8 internally, as part of customer assurance, or as a foundation for other frameworks.

What does CIS v8 cover?

CIS v8 covers practical cyber security control areas such as asset inventory, software inventory, data protection, secure configuration, account management, access control, vulnerability management, logging, malware protection, recovery, network security, supplier management, application security, awareness training, incident response and penetration testing.

What is the difference between CIS v8 and ISO 27001?

CIS v8 is a prioritised set of cyber security controls. ISO 27001 is a broader information security management system standard.

They are different, but they work well together.

CIS v8 helps identify practical cyber security controls. ISO 27001 provides the management system structure around risk assessment, control selection, policies, internal audit, management review and continual improvement.

de.iterate helps organisations manage both through one connected platform, so risks, controls, policies, assets, suppliers and evidence do not need to be rebuilt for each framework.

What is the difference between CIS v8 and Cyber Essentials?

Cyber Essentials is a UK certification scheme focused on five baseline technical control areas. CIS v8 is a broader set of prioritised cyber security controls that can support a more mature cyber security programme.

Cyber Essentials can be a useful starting point for UK organisations. CIS v8 gives teams a broader control set to build on as their cyber risk management matures.

de.iterate helps organisations manage both within one connected operating model.

Can de.iterate make us CIS v8 compliant?

No platform can automatically make an organisation compliant with CIS v8.

CIS v8 readiness depends on your assets, software, suppliers, controls, policies, risks, evidence, governance and the way your organisation operates.

de.iterate helps you manage the work behind CIS v8 readiness: control ownership, policy management, asset visibility, supplier oversight, evidence, assurance tasks, registers and reporting.

de.iterate helps manage supplier risk as part of the wider governance program, linking suppliers to assets, controls, risks, policies, evidence and assurance tasks.

Is CIS v8 just an IT responsibility?

No. CIS v8 is a cyber security control framework, but its practical impact goes beyond IT.

It touches governance, assets, suppliers, policies, user access, data protection, training, incident response, resilience, reporting and management accountability.

Technology teams play a critical role, but risk, compliance, operations, procurement and leadership also need visibility.

de.iterate helps bring those responsibilities into one connected program.

How does CIS v8 fit with NIS2 and DORA?

CIS v8 can support broader cyber governance expectations under NIS2 and DORA-aligned readiness.

NIS2 and DORA focus on cyber risk management, resilience, supplier oversight, incident readiness, governance and evidence. CIS v8 gives organisations a practical control framework that can help support those outcomes.

de.iterate helps connect CIS v8 controls to wider risks, policies, assets, suppliers, evidence and reporting, so organisations can manage multiple frameworks through one operating model.

How does CIS v8 relate to AI governance?

CIS v8 is focused on cyber security controls, not AI governance specifically.

However, AI systems rely on many of the same foundations CIS v8 supports: secure assets, controlled access, data protection, supplier oversight, logging, vulnerability management, incident response and accountability.

de.iterate connects CIS v8-aligned cyber governance with AI Ethics and Privacy, so organisations can manage security, AI and privacy as one programme rather than three separate workstreams.

Simple monthly pricing, based on the frameworks you need

de.iterate's monthly pricing is structured around the compliance frameworks you choose to access, giving you the flexibility to build a program that fits your organisation’s needs. Every plan includes access to the de.iterate platform and its feature set, from automated and expert-led onboarding, through to migration support, assurance workflows, live registers, compliance reporting and the core documentation needed to run and maintain your management system with confidence.

Starter (per month)

AUD $179 / GBP £100

  • Cyber Essentials

  • Essential Eight

  • SMB 1001

  • Privacy Acts

  • DISP

Business (per month)

AUD $2,100 / GBP £1,250

  • ISO 27001

  • ISO 27701

  • ISO 42001

  • ISO 9001

  • ISO 45001

  • ISO 14001

  • SOC 2

  • NIST CSF 2.0

  • NIST 800-53

  • NIST 800-171

  • NIST 800-172

  • GDPR

  • Essential Eight

  • SMB 1001

  • Privacy Acts

  • DISP

  • DORA

  • NIS2

  • European Union's AI Act

  • CIS v8

  • TISAX

  • Cyber Essentials

Enterprise (per month)

AUD $3,500 / GBP £2,000

  • ISO 27001

  • ISO 27701

  • ISO 42001

  • ISO 9001

  • ISO 45001

  • ISO 14001

  • SOC 2

  • NIST CSF 2.0

  • NIST 800-53

  • NIST 800-171

  • NIST 800-172

  • GDPR

  • Essential Eight

  • SMB 1001

  • Privacy Acts

  • DISP

  • ISM

  • SOCI

  • Right Fit for Risk (RFFR)

  • DORA

  • NIS2

  • European Union's AI Act

  • CIS v8

  • TISAX

  • Cyber Essentials

Ready for simple, stress-free compliance? Want help from real GRC experts?