CIS Benchmarks means consensus based secure configuration guidelines applicable to a variety of operating systems, middleware and software applications, and network devices, designed to assess Member’s network cybersecurity.
CIS Controls means the CIS Critical Security Controls for Effective Cyber Defense, v. 6.1 and later.
CIS SecureSuite Membership means the cybersecurity configuration and remediation membership offerings provided by CIS, as set forth in this Agreement.
CIS SecureSuite Products includes any or all of the following: CIS Benchmarks and CIS Controls in any format provided, CIS-CAT Pro (including CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard as described below), CIS Workbench community site, product guides, remediation content and other products offered by CIS from time to time.
Members means those organizations (including all employees thereof) who purchase a CIS SecureSuite Membership.
Use of CIS SecureSuite Products
Subject to the terms and conditions set forth below, CIS SecureSuite Members and non-members may use:
PDF versions of the CIS Benchmarks in accordance with the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License found here.
The CIS Controls and associated guidance documents in accordance with the Creative Commons Attribution-Non Commercial-No Derivatives 4.0 International Public License (the link can be found here).
Other CIS SecureSuite Products made available to non-members by CIS from time to time.
CIS SecureSuite Products Provided As Is
CIS is providing CIS SecureSuite Products “as is” and “as available” without: (1) any representations, warranties, or covenants of any kind whatsoever, including, without limitation, the absence of any warranty regarding: (a) the effect or lack of effect of any SecureSuite Product on the operation or the security of any network, system, software, hardware, or any component of any of them, and (b) the accuracy, utility, reliability, timeliness, or completeness of any SecureSuite Product); or (2) the responsibility to make or notify You of any corrections, updates, upgrades, or fixes.
Intellectual Property and Rights Reserved.
Additional Use Restrictions for SecureSuite Products
Your Responsibility to Evaluate Risks
You acknowledge and agree that: (1) no network, system, device, hardware, software, or component can be made fully secure; (2) you have the sole responsibility to evaluate the risks and benefits of the SecureSuite Products to your particular circumstances and requirements; and (3) CIS is not assuming any of the liabilities associated with your use of any or all of the SecureSuite Products.
You acknowledge and agree that neither CIS nor any of its employees, officers, directors, agents or other service providers has or will have any liability to you whatsoever (whether based in contract, tort, strict liability or otherwise) for any direct, indirect, incidental, consequential, or special damages that arise out of or are connected in any way with your use of any SecureSuite Product.
U.S. Export Control and Sanctions Laws
Regarding your use of the SecureSuite Products with any non-U.S. entity or country, you acknowledge that it is your responsibility to understand and abide by all U.S. sanctions and export control laws as set from time to time by the U.S. Bureau of Industry and Security (BIS) and the U.S. Office of Foreign Assets Control (OFAC).
Additional Terms Applicable to All Members
SecureSuite Membership Benefits
Upon payment of a CIS SecureSuite Membership fee, Members are entitled to the following CIS SecureSuite membership benefits:
- Access to and use of the CIS configuration assessment tool (“CIS-CAT Pro”), including use of the following:
- CIS-CAT Pro Assessor, allowing Member to analyze and score the configuration of Member’s internal information technology systems and obtain a score between 1-100 for conformity against CIS Benchmarks including CIS Benchmark recommendations annotated with one of more of the CIS Controls and subcontrols; and
- CIS-CAT Pro Dashboard, allowing Member to: analyze multiple CIS Benchmarks in a single view for comparison, multiple device reviews; access a CIS Controls view for any annotated CIS Benchmark content; view individual CIS-CAT Pro assessment results, including the ability to create exceptions and recalculate the CIS-CAT Pro assessment; and create individual reporting in multiple formats.
- Timely electronic notification of updates to the CIS SecureSuite Products;
- Enhanced CIS SecureSuite Products from CIS staff and developers;
- At Member’s option, listing of Member on the dedicated CIS SecureSuite Member pages of the CIS public website and in other promotional materials;
- The right to use the CIS SecureSuite membership mark on Member’s websites and documents; and
- Access to any additional CIS SecureSuite Products or other membership benefits offered by CIS from time to time.
Distribution of SecureSuite Products by Member
CIS hereby grants to each Member in good standing the right to distribute the SecureSuite Products within such Member's own organization, whether by manual or electronic means. Each such Member acknowledges and agrees that the foregoing grants in this paragraph are subject to the terms of any membership arrangement with CIS and may, therefore, be modified or terminated by CIS at any time.
Unless otherwise specified in an Agreement, purchase order or invoice, a Member’s CIS SecureSuite Membership shall run for a period of one year after receipt of payment for the CIS SecureSuite Membership fee (the “Term”). Unless renewed, a Member’s membership rights shall terminate upon the end of the Term.
No Reimbursement of Membership Fees
In the event that a CIS SecureSuite Member terminates its membership prior to the end of the Term, Member shall not be entitled to any reimbursement of membership fees or certification fees, unless: (1) Member terminates its membership for cause under the terms of its Agreement; or (2) CIS terminates Member's membership for convenience, in which case CIS shall reimburse Member a prorated amount of the Member's membership fee applicable to the Term and any unused certification fees, if applicable.
Additional Terms for CIS Configuration Assessment Tool (CIS-CAT) Consulting Engagement Membership
- CIS-CAT usage shall be for use on Your client systems only as part of a consulting engagement, and may not be used internally within Your organization or business.
- CIS-CAT usage shall be limited to one designated individual/named consultant only.
- CIS-CAT Documentation includes, but is not limited to CIS-CAT Users Guide, CIS-CAT XML Customization Guide, CIS-CAT Tutorials, Help Options and any other associated documents contained in the CIS-CAT download file.
- CIS SecureSuite staff support is available by email only for help downloading, running and/or reporting bugs/errors related to CIS-CAT as part of the membership benefits of a CIS-CAT Consulting Engagement Membership. CIS Benchmarks staff support for implementing and/or customizing the tool is not included. CIS-CAT Documentation is available to support the use and customization of the tool.
- Your CIS-CAT Consulting Engagement Membership will begin upon completion of payment and will expire 30 days thereafter. Following receipt of payment, an email will be sent to You with information to access CIS-CAT and CIS-CAT Documentation. The details of Your start date and expiration date will also be included. If within 30 days following the expiration of this membership period, You wish to purchase an annual CIS SecureSuite Organizational Consulting or Named Consultant membership, CIS will credit the $495 CIS-CAT Consulting Engagement Membership Fee towards that annual membership fee.