Service Provider | Consulting

The CIS Security Benchmarks Consulting Use Agreement membership enables IT security consultants to use the Benchmarks, CIS Controls, Metrics, and Configuration Assessment Tools on behalf of multiple security consulting engagements to secure client systems.

The Consulting Agreement allows IT security consultants to help their clients:

  • Assess their systems' security settings
  • Compare their security configuration settings to the Security Benchmarks' recommendations
  • Establish a baseline for setting performance goals
  • Develop customized configuration policies and processes based on Security Benchmarks CIS Controls and Metrics
  • Monitor system security over time
  • Report security compliance status to customers, auditors, and business partners
  • Secure client data in a hosted and/or managed services environment

As an IT Consulting Use Member you may state the following:

MEMBER is a consulting member of the Center for Internet Security, a nonprofit organization that serves a community of organizations and individuals seeking actionable security resources. As part of this community, MEMBER has access to CIS Controls, consensus security configuration benchmarks, software, metrics, and discussion forums where MEMBER is an integral stakeholder in collaborating on security best practices. MEMBER leverages these resources and best practices on


Consulting Use Pricing & Options

Organizational Consulting

The Organizational Consulting Use membership allows employees and consultants unlimited access to the Security Benchmarks resources and CIS Controls internally and in consulting engagements per the terms of the agreement. An Organizational Consulting Membership also entitles the company to additional significant benefits described on the Membership page.

 Annual Membership Fees based on Annual Revenue**

Annual Revenue Range

Annual Membership Fee

$1B +




$10M -$99M


$1M - $9M


$0k - $999K


Individual Consultant

The Individual Consultant membership is offered to an individual working in consulting/audit companies, as well as to a self-employed consultant to use the CIS Security Benchmarks resources and CIS Controls in an unlimited number of consulting and/or security service engagements. This right and use of the resources internally only applies to the named consultant. This option is not available for hosting, cloud, managed services providers or security software vendors.

The annual membership fee for an Individual Consultant is $3,300 USD.**

CIS-CAT Consulting Engagement Membership

This membership allows a single named IT security consultant or auditor to use the CIS Configuration Assessment Tool (CIS-CAT) in support of one or more security consulting, auditing, and managed IT services clients for a 30-day time period.  This membership is for consulting engagements on client system(s) only and not authorized for internal use within the consultant/auditor's organization. The XML and remediation content is not available through this membership. The CIS-CAT Consulting Engagement Membership fee is $495 USD.** Learn more about the terms for this membership.

 ** Pricing subject to change. Where applicable, annual revenue is verified using publicly available information.

Getting Started

A membership agreement is required to use the CIS Security Benchmarks resources and CIS Controls in consulting engagements. The term of the membership and the consulting use agreement is one year from the date of execution. Organizations may sign an agreement to use the CIS Security Benchmarks resources and CIS Controls in consulting and/or auditing engagements and/or hosting and/or managed services offerings. Individuals may sign an agreement to use the CIS Security Benchmarks resources and CIS Controls in consulting and/or auditing engagements.

Please note that the CIS Security Benchmarks Terms of Use prohibits the public from redistributing the resources and/or from using them for any commercial purposes other than the uses in your membership category. This ensures that members are always working with the latest versions of the CIS Security Benchmarks resources and CIS Controls that have been developed through the CIS consensus process. 

The CIS Security Benchmarks program does not directly provide consulting and auditing services to end user organizations. Consulting Use Members are independent of the resources and are not agents of, partners with, nor part of any joint-venture relationship with the CIS Security Benchmarks.


View Roster of Current Security Benchmarks Consulting Members

For more information about CIS Security Benchmarks Membership, contact us


Enroll Now