The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
CIS Members site

Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!

 Benchmarks/Tools
The Consensus Process at Work
As a user driven organization, CIS is always in need of qualified and motivated individuals to help us do our work. Below are some common questions we get from people who are interested in learning more about our development process and how they can get involved.
How are the CIS Benchmarks developed?
The CIS Benchmarks are developed by teams of information security experts from the public, private, and academic sectors. Most development teams communication takes place via e-mail. Conference calls are held periodically to discuss in depth technical issues.

The phases of the Benchmark development process are as follows:

Initial Benchmark draft --> Core team consensus --> CIS members consensus --> Public release --> Maintenance of "broad end-user consensus" through periodic updates.

The objective is to provide consensus configuration Benchmarks that are user originated, continuously updated, and globally accepted. Participation by you and you colleagues is the key to success.

Click Here for a flowchart depicting the Benchmark development process.
Can I get involved?
The consensus effort is an opportunity for CIS members to contribute their technical input and to learn from the many others who participate.

CIS maintains a special web page where the names of individuals and organizations that have volunteered their time are listed. Click Here to view that page.

If you are interested in learning more about how to get involved in the CIS Benchmark development process, please contact Blake Frantz by by email at bfrantz@cisecurity.org

How can I fit this into my busy schedule?
You need not participate in the conference calls to be a productive member of the team. You are free to contribute as little or as much of your time as you wish. Because most of the discussion takes place via e-mail, you can submit your feedback and responses when it is convenient for you to do so.
What Benchmarks are currently in release and which ones are under development?
Click Here to see the list of Benchmarks currently in public release.
New Benchmarks and Scoring Tools in development:
  • CIS-CAT SCAP Validation
New Benchmarks and Benchmark Updates planned for 2008:
  • Apache Tomcat 5.5 / 6.0 (New)
  • Multi-Function Print Devices (New)
  • Microsoft Office 2003 / 2007 (New)
  • Microsoft Office Sharepoint Server 2007 (New)
  • Sybase ASE 15.0.x (New)
  • Microsoft Windows Server 2008 (New)
  • Web Browsers (New)
  • Microsoft IIS7 (New)
  • Microsoft Windows 2003 (Update)
  • RedHat Enterprise Linux 5 (Update)
  • Windows 2000 (Update)
  • Bind (Update)
  • Slackware Linux (Update)
  • VMware ESX virtual Infrastructure (Update)
Are there any consensus teams that need more help than others?
CIS, along with MITRE and several industry and end user partners, are currently involved in the creation of an XCCDF/OVAL Editor tool. We are in need of Java developers to assist with this project.

Click Here for more information and to learn how you can get involved.



Logo and Design by Keiler
2005, the Center for Internet Security.