
About CIS

Overview

CIS is a community of:

  • Professionals with IT security expertise who share their knowledge and experience with others to develop best practice guidance for the global Internet community.
    More than 1,100 subject matter experts (SMEs) have participated in the development of more than 50 consensus security configuration benchmarks for operating systems, software applications, network devices and mobile devices. Hundreds of SMEs are participating in development of the consensus-based IT security metrics definitions.
  • Professionals whose corporations, organizations and government agencies are CIS Members, or who are Individual Members of CIS.
    Through their accounts on the CIS Members web site, more than 2,300 people have direct access to CIS-CAT, Benchmarks with enriched content in machine-readable format, and the technical discussion forums. Because they provide the financial support that enables CIS to develop and distribute consensus-based security resources, they influence the priority with which the Center allocates its development resources to specific projects. Corporate and government leaders collaborating in a virtual public-private partnership.

Through CIS consensus-building initiatives, end-user enterprises from:

  • all levels of government
  • colleges and universities
  • corporations in nearly all sectors of business and industry

. . . collaborate with . . .

  • developers of commercial software and hardware
  • IT security software companies, consultants and managed service providers

. . . to help enterprises around the world manage the risks related to information security by providing methods and tools to measure, monitor and improve the security status of their Internet-connected IT systems and devices.

CIS is a not-for-profit organization.


Mission

The Center's mission is to establish and promote the use of consensus-based standards to raise the level of security and privacy in Internet-connected systems, and to ensure the integrity of the business, government and private Internet-based functions and transactions on which society increasingly depends. CIS is an independent organization governed by a volunteer Board of Directors; it is not owned or controlled in full or part by any corporation or government entity.


CIS Resources

CIS develops and distributes:

  • Security Configuration Benchmarks describing consensus best practices for the secure configuration of target systems. Configuring IT systems in compliance with these Benchmarks has been shown to eliminate 80-95% of known security vulnerabilities. The Benchmarks are globally used and accepted as the de facto user-originated standard for IT security technical controls.
  • Benchmark Audit Tools for assessing compliance with CIS Benchmarks.
  • Security Metrics that offer enterprise IT and security teams insight into their own security process outcomes.

Plans are underway for development of additional resources to meet the needs of the CIS Community.


CIS Officers and Board of Directors

Officers:

John Gilligan, President, Gilligan Group, CIS Board Chairman
Jack Arthur, Partner, Octo Consulting Group, CIS Treasurer
Clint Kreitner, CIS Assistant Treasurer
Steve Kreitner, CIS Secretary
Bert Miuccio, CIS President and CEO

Directors:

Ramon Barquin, President and CEO, Barquin International
Karen Evans, Partner, KE & T Partners, LLC
Bruce Moulton, VP Information Technology Manager, National Grand Bank
Alan Paller, Director of Research, SANS
Franklin Reeder
Phil Venables, Managing Director and Chief Information Risk Officer, Goldman Sachs


CIS Business Model

The Center's business model is based on global community support in the form of (1) security subject matter experts who voluntarily participate in the development of CIS consensus-based resources and (2) membership investment from organizations and individuals. All the Center's initiatives are currently funded solely from membership fees. Volunteer SMEs participate extensively in the CIS community's development of consensus-based resources, so all of the consensus configuration benchmarks and metric definitions are distributed free of charge to the Internet community via the CIS web site. Some additional resources, such as CIS-CAT and benchmarks with enriched content in machine-readable format, are developed at the behest of CIS Members exclusively by paid contractors, with no involvement by community volunteers. These resources are distributed only to CIS members via the Members web site.

CIS Milestones (PDF)


The Terms of Use under which CIS Resources Are Distributed

A variety of valuable use cases for the CIS benchmarks and security metrics definitions are enabled via the Terms of Use under which they are distributed free of charge to the Internet community.

For example, the benchmarks are widely used by security professionals as a key resource in guiding the development or review of system/device configuration policies in their enterprises. The metrics are increasingly being used as a resource for defining the outcome and process data enterprises collect and utilize for security program and risk management decision support.

One may download them directly from the CIS web site onto his or her computer, and may create and distribute hard copies of the guides, without alteration, to his or her colleagues. However, the Terms of Use include some restrictions as well. For example, electronic distribution in any form is prohibited. This restriction serves two objectives: (1) because CIS resources are updated periodically, this restriction helps ensure that user communities are not exchanging out-of-date configuration guidance, and (2) it provides employees of member organizations that provide financial support for development of the resources the added convenience and efficiency of distributing them electronically within their enterprises.

Terms of Use for Downloading CIS Resources

For a complete list of the terms and conditions under which you may download CIS resources, please refer to the Terms of Use Agreement.

Distribution Rights and Terms of Use for CIS Members

To compare the Terms of Use that apply to CIS Members to the Terms of Use that apply to the Internet Community at large, please see the table on our Membership Categories page.

Commercial Certification

For a description of the program and terms under which CIS licenses the commercial use of the resources for integration into security software products, please see our Certified Software Vendors page.

Consulting Use License

For a description of the program and terms under which CIS licenses the commercial use of the resources to consultants and service providers as resources in their client engagements, please see our Consulting Use License page.


Staff

Clint Kreitner, Strategic Adviser

As a recognized leader in the effective and secure use of information technology as a critical resource in the enterprise setting, Clint Kreitner’s counsel is sought internationally by enterprise leaders and IT professionals. His unique mix of executive experience and technical expertise makes his advice particularly valuable to CIS Members.

Clint served as the Founding President/CEO of the Center for Internet Security from 2000-2008. Previously, during nearly forty years as a senior executive leader, he was President of a multi-hospital region of Adventist Health System and a member of its Board of Directors, the founder and president of two computer software and services firms, Director of Computer Aided Ship Design for the Navy, and Director of the Design Division of the Pearl Harbor Naval Shipyard. He is a graduate of the U.S. Naval Academy, Webb Institute, and American University.

Blake Frantz, CTO

Blake Frantz is the CTO for The Center for Internet Security where he leads the Center's benchmark and audit tool development programs. Before joining CIS, Blake was a founding principal of Leviathan Security Group, where he performed security assessments and code reviews of prevalent operating systems such as Windows 7 and Server 2008, e-voting platforms, social networking sites, and web store fronts. Prior to Leviathan, Blake was a senior security engineer at a Fortune 100 financial services organization, where he was responsible for leading vulnerability assessments of critical financial systems. Blake has authored and edited papers and tools on the topics of reverse engineering, vulnerability discovery, and exploitation for the Uninformed Journal; has conducted international trainings on secure coding practices and fuzzing at BlackHat, CanSecWest, and BA-CON; and is a contributor to the book Hacking Exposed: Windows, third edition. Blake is a member of the Open Vulnerability and Assessment Language (OVAL) board and the IETF's HTTPSTATE Working Groups.

Steven Piliero, CSO

Before joining CIS in 2008, Steven Piliero was an executive for a Fortune 100 financial services organization, where he developed and managed enterprise-wide governance, network, systems, and application security programs. Two of the security and program solutions he helped develop were credited with putting the company on the InformationWeek500 list, an annual ranking of the most innovative users of business technology in the nation. He has designed and deployed international, multi-site network, security, management, and infrastructure for some of the world's largest organizations. In addition, he initiated and co-developed successful security solutions with three of the top security solution vendors.

A Certified Information Systems Security Professional and Certified Information Security Manager, Mr. Piliero has contributed to NIST and NSA security standards, and is an active member of the Information Systems Audit and Control Association and the Information Systems Security Association.

Michelle Vogeler, Member Representative

Michelle Vogeler draws upon her 7+ years of customer relations, administrative, and marketing experience in her work with CIS Members. Joining CIS in 2008, Vogeler's primary focus is to ensure that CIS Members' support requests and other needs are resolved efficiently and effectively. Prior to joining CIS, Vogeler held several office manager and administrative assistant positions in a variety of business settings.

Steve Kreitner, Director of Member Relations and General Counsel/Corporate Secretary

Steve Kreitner brings to CIS more than 15 years of customer relations, legal, and management experience in the non-profit business setting. At CIS, Kreitner is responsible for Member Recruitment and Relations and is particularly dedicated to maximizing the CIS membership value for each CIS member. In addition, Kreitner handles CIS's contractual and other legal matters.

Prior to joining CIS in 2003, Kreitner was Director of Risk Management and the Institutional Review Board at Florida Hospital, a 7-campus, 1,750-bed hospital in Orlando, Florida. Kreitner earned his J.D. degree in 1992 from the University of Baltimore and is licensed to practice law in Montana.

Laurie Mier, Administrative Specialist

Laurie Mier brings 10 years of management and customer relations experience to her role at CIS, where she works directly with CIS members. In her primary role at CIS, Mier provides administrative support by responding to inquiries, maintaining member records, and explaining CIS benefits to new enrollees. In addition, she will help the organization refine its workflows and processes to ensure overall satisfaction.

Before joining CIS, Mier coordinated special events and fund-raising activities for boards and volunteer committees. Additionally, she has excelled with project management and back office operations at multiple companies.

Bert Miuccio, President/CEO

Bert Miuccio brings more than two decades of leadership and operational experience in building successful non-profit organizations. As President/CEO, Miuccio leverages his leadership and business development background to foster collaboration among CIS members, developers, and enterprise users worldwide in discerning their emerging security needs and creating products and services to meet those needs. Since joining CIS in 2001, Miuccio has played an integral role in establishing a broad base of CIS members from industry, government, education, and the IT security software and services sector.

Prior to joining CIS, Mr. Miuccio led the transformation and expansion of several healthcare companies including CentraCare, Workability and Reading Rehabilitation Hospital. Earlier in his career, he served as director of development for several Pennsylvania-based non-profit organizations.


Questions?

If you have questions about CIS that are not answered on this Web site, please write to us at feedback@cisecurity.org.
