Membership
CIS: Security Expertise Made Affordable
Few companies, government agencies or institutions have the expertise to develop thorough and effective security configuration policies for all their systems. Membership in CIS is an alternative to contracting with a consultant for that service, at a small fraction of the cost. For security specialists who have a wealth of configuration expertise, the Benchmarks are a widely-accepted standard against which to compare an organization's technical control policies. The Benchmarks, which are based on expert consensus, are widely accepted by U.S. government agencies for FISMA compliance, and by auditors for compliance with the ISO standard as well as GLB, SOx, HIPAA, FERPA, PCI, and other the regulatory requirements for information security.
Membership investment sustains CIS and the consensus process. Without the financial support of its members, CIS would not be able to develop, distribute, and maintain its Benchmarks, Metrics, and Benchmark Audit Tools.
- Benefits of CIS Membership
- Who should become a CIS Member?
- What are the different CIS Member categories and fees?
- Do colleges and universities pay discounted membership fees?
- Who are the current CIS Members?
- Membership registration forms
For more information about membership, send a message to Laurie Mier at lmier@cisecurity.org.
Benefits of CIS Membership
CIS Membership gives you the most complete access to all that CIS has to offer. Benefits include:
#1. Access to the CIS-CAT Benchmark Audit Tool, which analyzes the configuration of target systems and returns a score between 1-100 for Benchmark conformity. Report details make it easy to discover which aspects of a target system are out of compliance with a Benchmark. (To learn more about CIS Benchmark Audit Tools, click here.)
#2. The right to distribute the Benchmarks, Benchmark Audit Tools, and CIS Consensus Security Metrics within your organization. (This benefit applies to organizational members, not Individual Members.)
#3. Access to the CIS Members Web Site, including:
- CIS-CAT, XML Benchmark files, and other resources are not available to the general user community;
- A guide for modifying Benchmark XML files for use in CIS-CAT to enable the scanning of member-customized configuration policies that are derived from the Benchmarks.
- Forums for information-sharing, user support, and discussion among members, developers, and the CIS staff.
#4. Timely electronic notification of updates to the Benchmarks, Benchmark Audit Tools, and Consensus Security Metrics.
#5. Enhanced Benchmark and Audit Tool support from CIS staff and developers. In addition to the online knowledgebase and email assistance available to the public, CIS Members benefit from up to two hours of phone support per month, as well as access to documentation found in the Members area Web site. (For more information about support, click here.)
#6. Visibility for your organization's tangible commitment to Internet security through its inclusion in the Roster of Members on the CIS website and promotional materials. To see the current Roster of Members, click here.
#7. The right to use the CIS Membership Mark on your organization's website and documents, establishing its status as a leader formulating better security standards for systems connected to the Internet.
(For information about all CIS marks and usage guidelines, click here.)
#8. Additional Rights and Benefits for all University's:
- Use of CIS resources in the classroom environment for educational purposes.
- Redistribution of CIS resources to enrolled students for use on students’ laptops and desktops. A university may not redistribute CIS resources on its public-facing web site, but may redistribute CIS resources to enrolled students by means which require students to receive and accept the CIS Terms of Use as defined at http://cisecurity.org/en-us/?route=downloads.multiform.
For Security Software Vendors and IT Consultancies
Additional benefits for security software vendors and IT consultancies include:
#1. Eligibility for CIS Security Software Certification (available only for software vendors enrolled as CIS Security Software Certification members). See a list of CIS Certified Software Products..
(For information about all CIS marks and usage guidelines, click here.)
#2. Eligibility for licensing the commercial use of CIS resources (available only for CIS Security Software Certification members, as well as IT Security Consultant and Auditor members). Learn more about the Consulting Use License.
Who Should Become a Member of CIS?
- Users and Organizations who depend on IT systems being secure and reliable;
- Auditors who strive to verify the security of clients' automated IT systems in a way that is consistent with their audit of other standards-based business processes;
- IT Consultants who help clients improve their system security configurations to levels that are widely accepted as prudent due care or best practice;
- Security Software Vendors who market commercially available tools that assess and report the conformity of system security configurations with the settings and actions defined in CIS benchmarks;
- ISPs, Web Hosting Companies, Business-to-Business e-Commerce Exchanges, and others who have a direct stake in minimizing their customers' risk of business disruptions and cyber crime;
- Insurance Companies that strive to minimize the underwriting risk associated with the information assets of the businesses which they insure;
- Network security specialists, firewall administrators, and others whose job it is to ensure the security, privacy, integrity, and availability of information assets under their custodial care.
CIS is a not-for-profit consortium whose funding is not derived from any proprietary product or service.