top of page



The CIS Controls are a security framework that can be applied to businesses to improve their security posture. Many businesses are required by law to adhere to other frameworks. Among other functions, the Controls Navigator maps the CIS Controls to other frameworks so businesses wishing to use the Controls for ease of use but who have those legal requirements can show they've fulfilled their obligations.

The original product was difficult to use, particularly when applying mappings. A heuristic evaluation helped identify areas for improvement, and working closely with the developer and internal stakeholders resulted in other user gains as well.


Improvements to the mapping workflow centered around the idea of color coding the information related to different mappings.


Clicking a row in the table (representing a sub-control) expands it to show all mapped standards broken into color-defined areas. The colors selected are also those that appear if a mapping is applied (as shown in the above image). Improved text hierarchy makes the potentially long list much easier to digest, and the connection between each sub-control and its mapped compatriots is significantly clearer.

bottom of page