Did I mention I love the Critical Security Controls? I do. And here's an absolute diamond I found this week:
This site (http://www.auditscripts.com/free-resources/critical-security-controls/) offers awesome CSC-mapping tools (and they're free!), specifically:
A spreadsheet with how the CSCs map to other popular frameworks like ISO and NIST
A manual assessment tool for measuring your org - or someone else's org - against the CSCs. Flippin' sweet right? RIGHT!
Lastly, I built an LOL-worthy pentesting recon tool called SSOTT (Scan Some of the Things) that might help you automate some NMAPing, DIRBing, NIKTOing, and the like. Cheggitout!