CIS Security Software Certification Overview

 

CIS Security Software Vendor Members  (Annual Membership Fee - $20,000)
Membership allows security software vendor companies eligibility for CIS Software Certification to use the CIS benchmark content in their products. Membership also allows security consultants and auditors to use the CIS resources in consulting/auditing engagements with external customers.


CIS Security Software Vendor Membership allows a vendor member to obtain up to 50 product certifications each year, and those members may also purchase additional bundles of 10 certifications for $5,000 that may be used accross annual membership periods.


Independent companies develop CIS-certified software tools. They are business entities that have no agency, partnership, or joint-venture relationship with the CIS Security Benchmarks Division. Some make their software commercially available to IT service and consulting companies, as well as corporate and government end users. Others utilize proprietary software in the delivery of secure IT services to their customers.


CIS certified security software tools have been tested to accurately measure and report the conformity of computer configurations with the technical settings and actions defined in the Benchmarks.


CIS Security Software Vendor Members may also use the CIS resources in consulting/auditing engagements with external customers upon signed agreement of a CIS Organizational Consulting Agreement.  To learn more about this agreement type, please visit here.


These companies share a common commitment to provide software that:

  • Monitors system security, thus helping their customers maintain CIS Benchmarks recommended system security configurations.
  • Reports how systems measure up to the CIS Benchmarks' configuration recommendations.
  • Produces security configuration scores, establishing a basis for setting performance goals, measurably improving system security, and reporting security status to customers and business partners.

    • Your company's security tools should be CIS-certified if:

  • You are a security software vendor that develops and sells security assessment and/or security management software. You will demonstrate a strong commitment to consensus-based configuration security recommendations to your customers and make the most of your resource development investments.

    • Back to Top

    Why Should My Company's Product(s) Be Certified?

    By obtaining CIS certification of your security software product(s) you will:

    • Be recognized as a Security Software Vendor that provides CIS-Certified security software.
      You will be authorized to display the CIS Security Benchmarks Software "Certified" Logo in your product marketing program. Learn more about the CIS Security Software Certification Mark.
    • Improve customer identification and brand recognition of your security product(s).
      There are more than 20,000 unique visitors to the CIS website every month for configuration security information and authoritative resources. The site features a URL that profiles CIS Certified security tools and provides a link to your company website.

    Back to Top

    How Can My Company's Product(s) Get Certified?

     

    To obtain CIS Certification of its software products, a company must meet the requirements listed below at the time of certification. Compliance with the following requirements must be continuously maintained during the CIS Certification process.

  • Be a CIS Security Software Vendor Member in good standing;
  • Identify the CIS Security Benchmark(s) and version(s) for which the company wants to certify a specific version(s) of its Security Software Tool(s); and
  • Develop or adapt the company's Security Software Tool and conduct thorough internal testing to verify that the company's Security Software Tool accurately checks/scores/reports as compared to the security configuration recommendations in the associated CIS Security Benchmark(s) version(s).
  • Submit:
    1. A completed CIS Security Software Certification Application, including acceptance of the enclosed CIS Certification Trademark Terms of Use (although repeat acceptance of the CIS Certification TOU becomes unnecessary with a signed and effective CIS Certification Membership Agreement in place);
    2. Internal testing reports that explain the company's testing methodology and which definitively demonstrate that the submitted version(s) of the Security Software Tool(s) accurately checks/scores/reports as compared to the Benchmark(s) version(s) security configuration recommendations; and
    3. One copy of the Security Software Tool that is to be CIS Certified.
  • Maintain an Internet e-mail connection to enable timely and efficient dissemination of information and facilitate communication.
  • Keep the CIS Security Benchmarks Division updated with accurate company contact information and certified product profile information. Continually providing the CIS Security Benchmarks Division with updated company information will help ensure that appropriate referrals are provided to your organization.

    • Upon receipt of the Security Software Certification Application, test report documentation, and the Security Software Tool, the CIS Security Benchmarks Division will review the Application and notify the company as to whether it has obtained CIS Certification for its Security Software Tool. CIS reserves the right to conduct independent testing on the Security Software Tool at any time before or after an award of CIS Security Benchmarks Certification.

    Back to Top

    CIS Security Benchmarks Certification Information Packet

    To apply to have your organization's security software product(s) certified, download and fill out the CIS Security Benchmarks Certification Information Packet. This packets includes the following:

  • General information about CIS Security Benchmarks Certification
  • CIS Security Software Certification Process Flowchart
  • CIS Security Software Certification Application
  • Sample Test Results

    • Back to Top

    For More Information

     

    For more information about the testing and certification process, or to initiate CIS Security Benchmarks Certification for your company's security software product(s), contact us.

    Back to Top


    Enroll Now