The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
CIS Members site

Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!

 Testimonials


What Members Say About CIS

"My company had the privilege to become one of the charter members of CIS. We support the Center financially, as well as with our participation in the technical work. If you have not done so yet, I very strongly urge you to become an active member in this important organization. It's well worth the investment."
- Eddie Rabinovitch
Vice President, Network Engineering
Cervalis
"Consensus efforts always provide a valuable place to start improving your own security. I welcomed the opportunity to join CIS. I want to be sure that any consensus includes by own input as well!"
- Gary McIntyre
Information Security Consultant
IBM Global Services
"The CIS collaborative approach will help fill security knowledge gaps. "A single company can't always experience all the things that go wrong. It's just impossible."
- Donna Francis
Systems Performance and Compliance Manager
Subaru of America. Inc.
"The consensus process is creating big time buy-in. Everyone wants to be heard. Everybody wants to have a voice in developing solutions to the security challenges that confront all of us."
- Fred Kerby
Information Systems Security Manager
Naval Surface Warfare Center, Dahlgren Division
"Security consultants and vendors are not in agreement on what needs to be done. The Center helps me have confidence that I'm targeting the most important aspects of security first."
- Patricia Wilson
Manager, Information Security Services
Caterpillar, Inc.
"The work that The Center is doing will improve auditors' ability to assure the validity of information that is critical to an organization's mission and value."
- Charles H. LeGrand
Director, Technology Practices
The Institute of Internal Auditors
"I appreciate the time and effort put into the consensus development process. It makes me extremely satisfied to be a member of the Center for Internet Security!"
- Ed Slusarski
IT Audit Manager
NACCO Industries, Inc.


What Users Say About the CIS Benchmarks


"CIS is providing consensus benchmarks to help us achieve a measurable level of security in our technical systems. We envision the CIS benchmarks becoming the technical complement to standards such as ISO 17799, the International Security Standard.
- Iris Patton
Regional Information Security Coordinator
Shell Information Technology International
Americas Region


"Group consensus allows all of us to measure our efforts to a neutral, uncontroversial standard, and it is from that standard that a good definition of "due care" can be derived. Without that consensus, who can say how much we should do to protect ourselves?"
- Gary McIntyre
Information Security Consultant
IBM Global Services
"CIS is a global cooperative initiative through which industry, government, and research leaders are establishing basic operational security benchmarks and keeping them up to date. Its benchmarks set a level of prudent practice that has been desperately needed for a long time, not only within the department, but throughout the IT community."
- Linda Burek
Deputy Assistant Attorney General
Information Resources Management
U. S. Department of Justice
"Organizations have a broad spectrum of computing architecture but have no set of security standards that are universally accepted as best practice. CIS benchmarks give us a common language -- a baseline from which to speak -- that we either meet the standards or we don't."
- Fred Kerby
Information Systems Security Manager
Naval Surface Warfare Center Dahlgren Division
"At a technical level, experts from around the world agree that CIS benchmarks represent a consensus prudent due care guideline that sets the stage for protection against regulatory sanction and prosecution."
- Charles H. LeGrand
Director, Technology Practices
The Institute of Internal Auditors
"I believe that security will be enhanced as organizations adopt the CIS benchmarks. In today's world of eBusiness and increasing networking between companies, the benchmarks are an enabling mechanism for establishing trust between networked sites and trading partners."
- Iris Patton
Regional Information Security Coordinator
Shell Information Technology International - Americas Region


What Users Say About The Solaris Benchmark & Scoring Tools


"The Solaris Benchmark and scoring tools provide a LOT of value. And downloading and installing them was a very simple process. They are an excellent resource to draw from when reviewing the Sun systems being added to our site."
- Bob Pete
IT Security Consultant
Agilent Technologies
"I found the tool extremely useful in assisting in hardening our DMZ systems. Even more important though was the documentation provided. You just didn't say, "do this because we know better", you explained why it should be done. I feel that makes the Benchmark tool more valuable than almost anything else out there.
- Ken McKinlay
Engineering Systems Administrator
DY4 Systems
"The scoring tools are extremely valuable. To have the Benchmark tool and Sara give me the info I need in one short session is great and will save me innumerable hours of work. Thanks for making this available to us!!"
- Barry Schech
LAN Administrator
National Institute on Drug Abuse
"The CIS Solaris Benchmarks are a welcome find! I've tightened security by applying many of the suggestions from the tool. Being a Health Care organization, we are facing many new security challenges regarding HIPAA and this will only help in our battle to meet the new requirements that will be placed upon us by that act. Thanks for a tool that has real world functionality."
- Mike Parent
Network Administrator
Mt. Clemens General Hospital
"The tool is very helpful and gave quick and easy insight into ones systems security levels, which then need to be evaluated at each site for changes and configurations that need to be made."
- Jerry Poulsen
IT Manager
Utah State University
"The Benchmark is a very good Solaris security hardening reference including simple "how to" steps as well as clear explanations of the vulnerabilities. The CIS scan tool is an easy to use and quick way to evaluate many systems and verify their level of security."
- André Plante
Technical Security Branch
Royal Canadian Mounted Police
"I've always thought I did a pretty good job of securing my boxes. After running your tool, I've discovered that my systems are pretty tight (which makes me breath a sigh of relief), but there is still room for improvement. The Solaris Benchmarks Tool pointed out several areas that I had overlooked."
- Jeffrey Isherwood
Senior Security Engineer, UNIX systems
Air Force Research Laboratory, Rome Research Site
"The tool actually helps ! One can quickly identify the weaknesses present on a system and focus on those, without wasting time checking out commonly known vulnerabilities that are solved anyway by default. It's all about prioritization and putting focus on actual risks. I'm anxious to test your tools for other OS versions!"
- Regis Stievenard
Consultant
PricewaterhouseCoopers
"I think this is a great tool. I'm so glad to finally have documentation all in one place for steps to take. The document is very self-explanatory and gives me all the information I need to supplement our own installation procedures when (re)building our machines."
- Laurie Zirkle
System Administrator
Virginia Tech


What Users Say About The Windows 2000 Benchmark & Scoring Tool


"I was able to download the Windows 2000 Benchmark and Scoring Tool, install the package, and obtain my first results in less than an hour. Thorough, illustrated instructions guided me step-by-step from download to interpretation of the results."
- Brian Spindel
Information Systems Auditor
Tulane University
"Use of the CIS Windows 2000 benchmark scoring tool drastically reduces the time and effort required to manually audit each server for configuration and patch revision history, and saves having to write custom ADSI toolsets to automate this function across the Windows 2000 Enterprise."
- Arian J. Evans
Senior Information Systems Security Engineer
U.S. Central Credit Union
"The CIS benchmark score provides instant feedback on the security of a Windows 2000 system. It is a clear, concise report that managers and auditors can use to rate their organization's system security. The benchmark document provides the system administrators with a clear set of action items that need to be performed to raise the level of security. It is a great tool!"
- Randy Marchany
Director of CIRT, Appliance & Network Defense Initiative
Virginia Tech
"Cervalis implements multi-layer security measures to protect our infrastructure as well as our customers' servers. The Windows 2000 security template developed by CIS is extremely helpful for setting up our managed customers with an adequate due care level of security to protect them from outside threats. It also protects the Internet from abuse that could come from a zombie inside one of our customer’s servers, should one ever be compromised. "
- Eddie Rabinovitch
Vice President, Network Engineering
Cervalis, Inc.
"The CIS Win2000 Benchmark and Scoring Tool provide reliable measuring sticks to test security. Operating as a small business, independent consultant, I can't spend the time on security measures that always-on Internet access really demands. The CIS Win2000 Benchmark and Scoring Tool has helped me to find and fix the gaps in my defenses in just two evenings. Now I know I am better protected, and I can prove this diligence to my clients. We should look forward to the time when all operating systems on the Internet are equally well protected, according to the uniform standards established by the Center for Internet Security."
- Tony Williams
Security Consultant
"I used the tool to assess a computer that recently had been upgraded from Windows 98 to Windows 2000 Service Pack 2. Of the 10 points available, my test system scored only 1.7….. After I downloaded and installed eight hot fixes and used the configuration template, my test system scored a 10 upon reassessment…..The CIS scoring tool is useful for any auditor who would like a fast, easy method to assess a Windows 2000 computer’s basic level of defense against intrusion."
- Brian Spindel
Information Systems Auditor
Tulane University

Logo and Design by Keiler
© 2005, the Center for Internet Security.