CIS is very prescriptive. It gives you a list of very specific checks with very little context. NSA, on the other hand, explains the problems and potential attack vectors allowing you to adjust and extend the checks to your specific needs.