Consulting Use of CIS Benchmarks, Security Metrics, and Benchmark Audit Tools
- Overview
- Why Does CIS Offer a Consulting Use License?
- How Do I Obtain a Consulting Use License?
- CIS and IT Consultants
- Who's Already Using the CIS Consulting Use License?
- Learn More
Overview
The CIS Consulting Use License gives IT security consultants permission to take advantage of CIS resources, such as CIS Benchmarks, Security Metrics, and Benchmark Audit Tools, in their consulting work. The Consulting Use License enables consultants to:
- Use CIS Benchmarks, Security Metrics, and Benchmark Audit Tools with multiple client organizations.
- Offer clients a rich, detailed framework for evaluating the configuration of target systems and the frequency and nature of security events.
- Benefit from the expertise of IT subject matter experts in areas as diverse as operating systems, databases, and mobile phones.
- Use Benchmark Audit Tools for a rapid, objective assessment of client IT systems.
- Offer clients custom configurations and processes based on Benchmarks, Security Metrics, and Benchmark Audit Tools.
The Consulting Use License can benefit you and your clients if you:
- Provide security consulting services.
- Provide managed IT/security services.
- Provide security auditing services.
Why Does CIS Offer a Consulting Use License?
CIS recognizes that consultants want to bring best practices and tools to multiple client organizations, without necessarily requiring those clients organizations to license materials directly from CIS. The Consulting Use License enables licensed consultants to make full use of CIS resources, without requiring clients to take any special steps. Consultants and clients both benefit.
Note that the Agreed Terms of Use for CIS resources prohibit their redistribution and use for commercial purposes. In part, this is to ensure that end users are always working the latest version of CIS resources developed through the CIS consensus process. The Consulting Use License therefore enables licensed consultants to distribute CIS resources in a controlled, supportive, and legally licensed way.
How Do I Obtain a Consulting Use License?
A license for use of CIS resources in consulting engagements can be obtained by organizations and individuals. There are two licensing options; one for all consultants employed by a consulting / security services company, and one for specific individual consultants / security service providers.
A Consulting / Managed Services Company can obtain a license for all its employees by:
- Enrolling as a CIS Category 2 Consulting Member, which entitles an unlimited number of employees to use CIS resources in an unlimited number of consulting and managed service engagements. The annual fee for Category 2 Membership is $14,000 and the term of the consulting use license is one year from the date of execution. Category 2 Membership also entitles the company to additional significant benefits described on the Membership page.
Individual Consultants can obtain a license by:
- Procuring a license for you, as an individual, to use the CIS resources in an unlimited number of consulting / security service engagements. The annual fee is $3,000 and the term of the license is one year from the date of execution. This license is offered for individuals working in consulting / service companies, as well as for self-employed consultants / service providers. Procurement of the Individual License also entitles you to the rights and benefits of CIS Category 5 Individual Membership described on the Membership page.
Each company or individual must:
- Agree to the terms and conditions of the CIS Consulting Use License Agreement.
- Keep CIS updated with accurate contact and business profile information. By assuring that CIS has updated information, you help ensure that appropriate referrals are provided to your organization.
To learn more about the Consulting Use License, available options, rights and benefits, and/or to view the agreement please contact Laurie Mier at lmier@cisecurity.org.
CIS and IT Consultants
CIS itself does not directly provide consulting and auditing services to end user organizations. Instead, CIS develops Benchmarks, Security Metrics, and Benchmark Audit Tools, and makes these resources, along with user documentation, available to end users, including consultants.
Many companies and individuals make use of the CIS Benchmarks and Benchmark Audit Tools in the security consulting and management services that they provide to clients. These consultants, who are CIS Members, share no agency, partnership, or joint-venture relationship with The Center. However, they do share a common commitment: to help end users do the following:
- Assess how their systems measure up in comparison to the CIS Benchmarks
- Quantify the security configuration of their systems, establishing a basis for setting performance goals, measurably improving system configuration, and reporting security configuration status to customers and business partners.
- Configure their systems based on the Benchmarks recommendations and monitor that the configurations remain in place over time.
Who's Already Using the CIS Consulting Use License?
These leading IT consulting groups and individual consultants have obtained the CIS Consulting Use License in order to better serve their clients.
Organizations with CIS Consulting Use Licenses:
- Data Networks
- HP Technology Solutions Group - Consulting and Integration Organization
- Huawei Technologies Co., Ltd.
- Leviathan Security Group
- Motorola
- Qualys
Individuals with CIS Consulting Use Licenses:
- Avalon Global Solutions
- Ralf Durkee, Durkee Consulting, Inc.
- Jim Powers, Sequris Group, LLC
- Nathaniel Puffer, Neohapsis, Inc.
Learn More
For more information, or to request a license for commercial use of CIS resources, please contact:
Laurie Mier
lmier@cisecurity.org