Products & Solutions

The Security Configuration Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. The CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

The Benchmarks are:

  • Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
  • Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
  • Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.

Available to CIS Security Benchmarks Members

In the Downloads section of the CIS Security Benchmarks Member Web site (registered account information required), members will find:

  • CIS-CAT which tests a target systems for conformance with Benchmarks encoded in XCCDF.  CIS-CAT provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
  • CIS Pre-configured Hardened Virtual Images CIS has hardened virtual machine images in the AWS Elastic Compute Cloud (EC2) computing environment.  CIS benchmarks-hardened virtual machine templates, known as Amazon Machine Images (AMIs) in the AWS EC2 cloud, are configured according to the applicable CIS benchmarks. 
  • Word/Excel Versions of the CIS Benchmarks
  • Automated remediation kits for implementing and assessing Benchmark guidance. The content allows you to automatically apply the recommended settings for a particular benchmark.

Learn about CIS Security Benchmarks Membership


Available Free of Charge

On this web site, you'll find: