Commercial Use of CIS Benchmarks and Scoring Tools
|
| To learn more about the CIS Commercial Use License, please select a topic below:
|
Organizations Licensed to use the CIS Benchmarks and Scoring Tools in Security Auditing and Consulting Engagements |
|
CIS Members:
Non-CIS Members:
- Ralf Durkee, Durkee Consulting, Inc.
- Mark Mellis, Mellis & Associates
- Craig Searle, SIFT Party, Ltd. (Australia)
|
Why Should I Obtain A License For Commercial Use Of CIS Benchmarks and Scoring Tools? |
CIS provides a public service to Internet users worldwide. As an end user, you may freely download CIS benchmarks, scoring tools, and other materials from this website and use them to analyze and guide the configuration of your systems. However, the Agreed Terms of Use for CIS resources prohibit their redistribution and/or use for commercial purposes. (The Agreed Terms Of Use can be found at www.cisecurity/sub_form.html and are printed on all CIS benchmarks and tools.)
|
| Who Should Obtain A Commercial Use License? |
CIS develops and distributes consensus configuration benchmarks along with host-based configuration analysis and reporting tools. Guides and case studies are also available from this website to help users understand how to utilize these resources in managing the configuration of their systems. However, CIS does not directly provide consulting and auditing services to user organizations.
Many companies and individuals utilize the CIS Benchmarks and Scoring Tools in the security consulting and management services that they provide in client engagements. They are CIS Members that have no agency, partnership, or joint-venture relationship with The Center. However, they share a common commitment - to help end users:
- Assess how their systems measure up in comparison to the CIS Benchmarks
- Quantify the security configuration of their systems, establishing a basis for setting performance goals, measurably improving system configuration, and reporting security configuration status to customers and business partners.
- Configure their systems based on the Benchmarks recommendations and monitor that the configurations remain in place over time.
Obtain a Commercial Use License if you:
- Provide security consulting services.
- Provide managed IT/security services.
- Provide security auditing services
|
| How Can I Obtain The License? |
To obtain a license for commercial use of CIS resources, an individual or company must:
- Agree to the terms and conditions of the CIS Commercial Use License Agreement.
- Pay a license fee of $3,000 per year for each individual who will be using the CIS resources in his or her security consulting or auditing engagements. (Category 2 Members can obtain the Commercial Use License for any number of employees as a benefit of Membership.)
- Keep CIS updated with accurate contact and business profile information. By assuring that CIS has updated information, you help ensure that appropriate referrals are provided to your organization.
Enrollment as a CIS Member is required before the license agreement is established. The term of the agreement is one year from the date of execution.
|
| What Fees Are Involved? |
The annual license fee is $3,000 per consultant, except in the case of Category 2 CIS Members (Consultants, Auditors, and MSP's) whose annual membership investment entitles them to obtain the Commercial Use License for any number of employees a no additional cost.
|
| To Learn More.... |
For more information, and to establish a license for commercial use of CIS resources, contact:
Steve Kreitner
Director of Member Services
skreitner@cisecurity.org
Phone
406-257-9363 (in the US)
|
