Security Benchmarks Membership | Product Vendors

Membership allows product vendors the right to integrate the CIS benchmark content into their security software assessment and/or remediation product(s) and offering(s) and eligibility for CIS Software Certification. In order to represent the product or offering as being CIS certified and/or use the CIS Security Software Certification Trademark in conjunction with the product or offering CIS certification must be awarded. See Security Software Certification Overview below. Membership also allows vendors with security consultants, hosting, cloud and/or managed services products/offerings to use the CIS resources in consulting engagements with external customers and to secure client data in hosted, cloud, and/or managed services environments. A membership agreement is required and all use(s) will be incorporated as applicable to the organization.

 Annual Membership Fees based on Annual Revenue**

Annual Revenue Range

Annual Membership Fee

$1B +

$30,000

$100M - $999M

$25,000

$10M - $99M

$20,000

$1M - $9M

$15,000

$0k - $999K

$9,500

 

** Pricing subject to change. Annual revenue is verified using publicly available information.

Getting Started

A membership agreement is required to use and incorporate the CIS Security Benchmarks resources and CIS Controls into vendor products and offerings. The term of the membership and the agreement is one year from the date of execution. 

Please note that the CIS Security Benchmarks Terms of Use prohibits the public from redistributing the resources and/or from using them for any commercial purposes other than the uses in your membership category.  Also, this is to ensure that members are always working with the latest versions of the CIS Security Benchmarks resources and CIS Controls that have been developed through the CIS consensus process. 

Enroll Now

To learn more about this membership level and to request a copy of the agreement contact us at members@cisecurity.org.

Product Vendor Certification

Product Vendor Member language

As a CIS Security Benchmarks Product Vendor who has been awarded CIS Security Benchmarks Certification you may use the CIS Security Benchmarks Certified Logo and state the following:

MEMBER is a product vendor member of the Security Benchmarks Program at the Center for Internet Security, a nonprofit organization that serves a community of organizations and individuals seeking actionable security resources. MEMBER has incorporated the Security Benchmarks resources and best practices in our products to measure and improve the security posture of our customers and has been awarded CIS Security Benchmarks Certification for the product(s) listed here:[INSERT DEDICATED CIS VENDOR PRODUCT CERTIFICATION PAGE LINK]

As a CIS Security Vendor who uses the CIS Security Benchmarks and CIS Controls and has not been awarded CIS Security Benchmarks Certification you may state the following:

MEMBER is a member of the Security Benchmarks Program at the Center for Internet Security, a nonprofit organization that serves a community of organizations and individuals seeking actionable security resources. As part of this community, MEMBER has access to consensus security configuration benchmarks, software, CIS Controls, metrics, and discussion forums where MEMBER is an integral stakeholder in collaborating on security best practices. MEMBER leverages these resources and best practices to measure and improve our organization's security posture.

Certification Overview

Membership allows product vendor companies eligibility for CIS Certification to use the CIS Security Benchmark content in their products and offerings.

CIS Product Vendor Membership allows vendor members to obtain up to 50 product certifications each year. Those members may also purchase additional bundles of 10 certifications for $5,000 that may be used across annual membership periods.


Independent companies develop CIS-certified software tools. They are business entities that have no agency, partnership, or joint-venture relationship with the CIS Security Benchmarks. Some make their software commercially-available to IT service and consulting companies, as well as corporate and government end users. Others utilize proprietary software in the delivery of secure IT services to their customers.


CIS certified products have been tested to accurately measure and report the conformity of computer configurations and/or remediate with the technical settings and actions defined in the Security Benchmarks.


These companies share a common commitment to provide software that:

  • Monitors system security, thus helping their customers maintain CIS Benchmarks recommended system security configurations.
  • Reports how systems measure up to the CIS Benchmarks' configuration recommendations.
  • Produces security configuration scores, establishing a basis for setting performance goals, measurably improving system security, and reporting security status to customers and business partners.
  • Remediates a customers' system's conformance to CIS Benchmarks recommended security configurations.

Why Certify?

By obtaining CIS certification of your security software product(s) you will:

  • Be recognized as a Product Vendor that provides CIS-Certified security software.
    You will be authorized to display the CIS Security Benchmarks Software "Certified" Logo in your product marketing program. Learn more about the CIS Security Software Certification Mark.

  • Improve customer identification and brand recognition of your security product(s).
    There are more than 20,000 unique visitors to the CIS website every month for configuration security information and authoritative resources. The site features a URL that profiles CIS Certified security tools and provides a link to your company website.

How to Certify with CIS

To obtain CIS Certification of its software and/or remediation products, a company must have an executed agreement in place and meet the requirements listed in the workflow documentation for certification at the time of certification. Compliance with requirements defined in the workflow documentation must be continuously maintained during the CIS Certification process.

Certification for Assessment Product

Certification for Remediation Product

For more information about the testing and certification process, or to initiate CIS Product Vendor Certification for your company's security software product(s), contact us.