CIS Security Software Certification

Please review the information below to learn more about the CIS Security Software Certification program.

• CIS Certified Vendors
• Why Should My Product(s) Be Certified?
• Who Should Certify?
• How Do I Get Certified?
• Are There Fees Involved?
• CIS Trademarks
• CIS Trademark Guidelines
• To Learn More...
• The CIS Certification Information Packet includes the following:
  • General Information about CIS Certification
  • CIS Software Certification Process Flowchart
  • The CIS Security Software Certification Applications
  • Sample Test Results

CIS Certified Security Software Vendors

The following organizations have been awarded CIS Security Software Certifications for their security software products. To learn more about CIS Certified Security Software, click on the CIS Security Software Certification Members below:

• Belarc, Inc.
• BMC Software, Inc.
• CA, Inc.
• Configuresoft
• nCircle
• NetIQ Corporation
• Opsware Network, Inc.
• Quest Software, Inc.
• Solidcore Systems, Inc.
• Symantec
• Tenable Network Security, Inc.
• Tripwire, Inc.

Why Should My Product(s) Be Certified?

By obtaining CIS certification for your security software you will:

• Be recognized as a Security Software Vendor that sells CIS Certified security software.
  You will be authorized to display the CIS Security Software Certification Mark in your product marketing program. Learn more about the CIS Security Software Certification Mark.

• Receive customer referrals and participate in marketing opportunities.
  More than 20,000 unique visitors tour the CIS website every month for security information and resources. The site features a URL that profiles CIS Certified security tools and provides a link to your company web site. CIS Certified products are profiled on the CIS web page based on the chronological sequence in which the CIS Security Software certification was awarded.

Who Should Certify?

CIS Security Benchmarks are technical configuration standards for operating systems, network devices and applications. The Benchmarks are user originated, widely accepted, and reflect the consensus of expert users worldwide. CIS Certified Security Software Tools have been tested to accurately measure and report the conformity of computer configurations with the technical settings and actions defined in the Benchmarks.

Independent companies develop CIS certified software tools. They are business entities that have no agency, partnership, or joint-venture relationship with CIS. Some make their software commercially available to IT service and consulting companies, as well as corporate and government end users. Others utilize proprietary software in the delivery of secure IT services to their customers.

These companies share a common commitment to provide software that:

• Monitors system security, thus helping to assure that CIS Benchmark security configurations remain in place over time.
• Reports how systems measure up in comparison to the CIS Benchmarks.
• Produces security configuration scores, establishing a basis for setting performance goals, measurably improving system security, and reporting security status to customers and business partners.

Certify your company's security tools if:

• You are a Security Software Vendor that develops and sells security assessment and/or security management software. You will demonstrate this commitment to your customers and make the most of your development resource investment.

How Do I Get Certified?

To obtain CIS certification for its software products, a company must meet the requirements listed below at the time of certification. Compliance with the following requirements must be continuously maintained during CIS Certification.

• Be a CIS Security Software Certification Member in good standing at the Category 1 level membership.
• Select the CIS Security Benchmark(s) for which the company wants to certify its Security Software Tool;
• Develop or adapt the company's Security Software Tool and conduct thorough internal testing to verify that the company's Security Software Tool accurately checks/score/reports as compared to the security configuration recommendations in the chosen CIS Security Benchmark version(s).
• Submit:
  1. completed CIS Security Software Certification Application, including acceptance of the enclosed CIS Certification Trademark Terms of Use;
  2. internal testing reports that explain the company's testing methodology and which definitively demonstrate that the submitted Security Software Tool accurately checks/scores/reports as compared to the Benchmark(s) security configuration recommendations; and
  3. one copy of the Security Software Tool that is to be CIS Certified.
• Have Internet e-mail connection to enable timely and efficient dissemination of information and facilitate communication.
• Keep CIS updated with accurate company contact information and certified product profile information. By assuring that CIS has updated information, you help ensure that appropriate referrals are provided to your organization.

Upon receipt of the Security Software Certification Application, test report documentation, and the Security Software Tool, CIS will review the Application and notify the company as to whether it has obtained CIS Certification for its Security Software Tool. CIS reserves the right to conduct independent testing on the Security Software Tool at any time before or after an award of CIS Certification.

The CIS Security Software Certification process provides a brief overview and flowcharts of CIS certification procedures.

Are There Fees Involved?

There are no fees separate from the CIS Security Software Certification Membership fee of $20,000.

To Learn More...

For more information about the testing and certification process, and to initiate CIS certification for your company's security software, contact:

Steve Piliero at spiliero@cisecurity.org