The CIS Critical Security Controls (previously known as the SANS Top 20 security controls), developed by the Center for Internet Security, provide a catalog of prioritized guidelines and steps for resilient cyber defense and information security mitigation approaches. This gives organizations an organized security action plan to stay compliant with major industry regulations and standards like HIPAA, PCI DSS, and more. Any episode of regulatory non-compliance can result in heavy fines, loss of business and reputation, litigation, and more.