CIS Security Benchmarks Membership
Security Expertise Made Affordable
Few companies, government agencies or institutions have the expertise to develop thorough and effective security configuration policies for all of their systems. CIS Security Benchmarks membership provides access to high-quality, cost-effective resources. The CIS Benchmarks are a widely-accepted standard against which to compare an organization's technical control policies. The CIS Benchmarks are based on expert consensus and are widely accepted by U.S. government agencies for FISMA compliance, and by auditors for compliance with ISO standards as well as PCI, GLB, SOX, HIPAA, and other regulatory requirements for information security.
- Benefits of CIS Security Benchmarks Membership
- Who should become a CIS Security Benchmarks Member?
- What are the different categories of membership?
- Do colleges and universities pay discounted membership fees?
- Who are the current CIS Security Benchmarks Members?
- Membership registration forms
For more information about membership, contact CIS Security Benchmarks at members@cisecurity.org.
Benefits of CIS Security Benchmarks Membership
CIS Security Benchmarks Membership gives you the most complete access to all that CIS has to offer. Benefits include:
1. Access to the CIS-CAT Benchmark Assessment Tool, which analyzes the configuration of target systems and returns a score between 1 and 100 for Benchmark conformity. Report details make it easy to identify which aspects of a target system are out of compliance with a Benchmark. To learn more about CIS Benchmark Assessment Tools, click here.
CIS-CAT features:
- A command line version that eases deployment of the tool for scoring networked systems
- A version that reads customized input files, enabling you to compare the configuration of your systems with both the CIS Benchmarks and your organization's security configuration policies
- Ability to scan multiple systems
- Dashboard Reporting Capability
- NIST FDCC Validated Scanner (SCAP 1.0)
- Compatible with NIST's USGCB Windows 7 Content
- User Guide and XML Customization Guide included
2. The right to distribute the Benchmarks, Benchmark Assessment Tools, and Consensus Security Metrics within your organization.
3. Access to the CIS Security Benchmarks Members Website, including:
- Development versions of new Benchmarks, CIS-CAT, Benchmark XML files, and other resources which are not available to the general user community
- Word and Excel versions of Benchmarks
- A guide for modifying Benchmark XML files for use in CIS-CAT to enable the scanning of member-customized configuration policies that are derived from the Benchmarks
- Access to benchmarks in XCCDF format, which facilitates automated configuration assessment
- Automated remediation content for implementing and assessing Benchmark guidance, including:
  - GPOs for Windows 7 & 8 and Windows Server 2008 & 2012 and Internet Explorer 10
  - AIX 5.3 and 6.1 XML for use with AIXPERT
  - HP-UX 11i Bastille Configuration
- Tutorials and webcasts
- Member-only discussion areas
4. Timely electronic notification of updates to the Benchmarks, Benchmark Assessment Tools, and Consensus Security Metrics.
5. Enhanced Benchmark and Assessment Tool support from staff and developers. Security Benchmarks Members benefit from direct technical support, as well as access to documentation contained in the Members area website. For more information about support, click here.
6. Visibility of your organization's tangible commitment to Internet security through its inclusion in the Roster of Members on the CIS website and promotional materials. To see the current Roster of Members, click here.
7. The right to use the CIS Security Benchmarks Membership Mark on your organization's website and documents, establishing its status as a leader in formulating better security standards for systems connected to the Internet. For information about all CIS marks and usage guidelines, click here.
8. Additional Rights and Benefits for all Universities:
- Use of CIS Security Benchmarks resources in the classroom environment for educational purposes.
- Redistribution of CIS Security Benchmarks resources to enrolled students for use on students’ laptops and desktops. A university may not redistribute CIS resources on its public facing website, but may redistribute CIS resources to enrolled students by means which require students to receive and accept the CIS Security Benchmarks Terms of Use as defined here.
9. Additional benefit for security software vendors:
- Eligibility for CIS Security Benchmarks Software Certification (available only for software vendors enrolled as CIS Security Benchmarks Software Certification members). See a list of CIS Certified Software Products. For information about all CIS marks and usage guidelines, click here.
10. Additional benefit for IT consultants:
- Eligibility to use the CIS Security Benchmarks resources on consulting/auditing engagements. This is available only to CIS Security Software Certification members and IT Security Consultant and Auditor members. Learn more about the Consulting Use Membership Agreement.
Who Should Become a Member of CIS Security Benchmarks?
- Users and Organizations who depend on their IT systems being secure and reliable.
- Auditors who work to verify the security of clients' automated IT systems in a way that is consistent with their audits of other standards-based business processes.
- IT Consultants who help clients improve their system security configurations to levels that are widely accepted as prudent due care or best practice.
- Security Software Vendors who market commercially available tools that assess and report the conformance of system security configurations with the settings and actions defined in CIS benchmarks.
- ISPs, Web Hosting Companies, Business-to-Business e-Commerce Exchanges, and others who have a direct stake in minimizing their customers' risk of business disruptions and cyber crime.
- Insurance Companies that aim to minimize the underwriting risk associated with the information assets of the businesses they insure.
- Network security specialists, firewall administrators, and others whose job it is to ensure the confidentiality, privacy, integrity, and availability of information assets under their custodial care.




