CIS SecureSuite Membership Terms of Use

The Following Terms of Use apply to the use of CIS SecureSuite Products (as defined herein below) by both CIS SecureSuite Members and non-members using SecureSuite Products.  As a user of SecureSuite Products  (“You”), You hereby agree to be bound by these Terms of Use. CIS SecureSuite Members hereby agree that by accepting CIS SecureSuite Membership, their organization and the employees of that organization are hereby bound by these Terms of Use.

Definitions

CIS Benchmarks means consensus based secure configuration guidelines applicable to a variety of operating systems, middleware and software applications, and network devices, designed to assess Member’s network cybersecurity.

CIS Controls means the CIS Critical Security Controls for Effective Cyber Defense, v. 6.1 and later.

CIS SecureSuite Membership means the cybersecurity configuration and remediation membership offerings provided by CIS, as set forth in this Agreement.

CIS SecureSuite Products includes any or all of the following:  CIS Benchmarks and CIS Controls in any format provided, CIS-CAT Pro (including CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard as described below), CIS Workbench community site, product guides, remediation content and other products offered by CIS from time to time.

Members means those organizations (including all employees thereof) who purchase a CIS SecureSuite Membership.

Terms of Use Applicable to CIS SecureSuite Member and Non-Members

Use of CIS SecureSuite Products

Subject to the terms and conditions set forth below, CIS SecureSuite Members and non-members may use:

PDF versions of the CIS Benchmarks in accordance with the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License found here.

The non-Member portions of the CIS Workbench community site, subject to the site’s Terms of Use found here.

The CIS Controls and associated guidance documents in accordance with the Creative Commons Attribution-Non Commercial-No Derivatives 4.0 International Public License (the link can be found here).

Other CIS SecureSuite Products made available to non-members by CIS from time to time.

CIS SecureSuite Products Provided As Is

CIS is providing CIS SecureSuite Products “as is” and “as available” without: (1) any representations, warranties, or covenants of any kind whatsoever, including, without limitation, the absence of any warranty regarding:  (a) the effect or lack of effect of any SecureSuite Product on the operation or the security of any network, system, software, hardware, or any component of any of them, and (b) the accuracy, utility, reliability, timeliness, or completeness of any SecureSuite Product); or (2) the responsibility to make or notify You of any corrections, updates, upgrades, or fixes.

Intellectual Property and Rights Reserved.

You are not acquiring any title or ownership rights in or to any CIS SecureSuite Product, and full title and all ownership rights to the SecureSuite Products remain the exclusive property of CIS.  All rights to the SecureSuite Products not expressly granted in these Terms of Use are hereby reserved.

Additional Use Restrictions for SecureSuite Products

You acknowledge and agree that except as otherwise expressly permitted in these Terms of Use,  You may not: (A) decompile, disassemble, alter, reverse engineer, or otherwise attempt to derive the source code for any CIS SecureSuite Product (except to the extent that such product is already in the form of source code); (B) sell, rent, lease, sublicense or otherwise transfer or exploit any rights to any CIS SecureSuite Product in any way or for any purpose; (C) post any CIS SecureSuite Product on any website, bulletin board, ftp server, newsgroup, or other similar mechanism or device; (D) remove from or alter the terms of use or any proprietary notice placed on any CIS SecureSuite Product; (E) create any derivative work based directly on an CIS SecureSuite Product or any component thereof; (G) represent or claim a particular level of compliance or consistency with any CIS SecureSuite Product; or (H) facilitate or otherwise aid other individuals or entities in violating the Terms of Use.

Your Responsibility to Evaluate Risks 

You acknowledge and agree that:  (1) no network, system, device, hardware, software, or component can be made fully secure; (2) you have the sole responsibility to evaluate the risks and benefits of the SecureSuite Products to your particular circumstances and requirements; and (3) CIS is not assuming any of the liabilities associated with your use of any or all of the SecureSuite Products.

CIS Liability 

You acknowledge and agree that neither CIS nor any of its employees, officers, directors, agents or other service providers has or will have any liability to you whatsoever (whether based in contract, tort, strict liability or otherwise) for any direct, indirect, incidental, consequential, or special damages that arise out of or are connected in any way with your use of any SecureSuite Product.

Indemnification 

You agree to indemnify, defend, and hold CIS and all of CIS's employees, officers, directors, agents and other service providers harmless from and against any liabilities, costs, and expenses incurred by any of them in connection with your violation of these CIS SecureSuite Terms of Use.

Jurisdiction

You acknowledge and agree that: (1) these CIS SecureSuite Terms of Use will be governed by and construed in accordance with the laws of the State of New York; (2) any action at law or in equity arising out of or relating to these CIS SecureSuite Terms of Use shall be filed only in the courts located in the State of New York; and (3) you hereby consent and submit to the personal jurisdiction of such courts for the purposes of litigating any such action.

U.S. Export Control and Sanctions Laws

Regarding your use of the SecureSuite Products with any non-U.S. entity or country, you acknowledge that it is your responsibility to understand and abide by all U.S. sanctions and export control laws as set from time to time by the U.S. Bureau of Industry and Security (BIS) and the U.S. Office of Foreign Assets Control (OFAC).

Privacy

Use of the CIS website and the Workbench site in connection with use of CIS SecureSuite Products is governed by the terms of CIS’s Privacy Policy.

Additional Terms of Use for CIS SecureSuite Members

Additional Terms Applicable to All Members

SecureSuite Membership Benefits

Upon payment of a CIS SecureSuite Membership fee, Members are entitled to the following CIS SecureSuite membership benefits:

  1. Access to and use of the CIS configuration assessment tool (“CIS-CAT Pro”), including use of the following:
    1. CIS-CAT Pro Assessor, allowing Member to analyze and score the configuration of Member’s internal information technology systems and obtain a score between 1-100 for conformity against CIS Benchmarks including CIS Benchmark recommendations annotated with one of more of the CIS Controls and subcontrols; and
    2. CIS-CAT Pro Dashboard, allowing Member to: analyze multiple CIS Benchmarks in a single view for comparison, multiple device reviews; access a CIS Controls view for any annotated CIS Benchmark content; view individual CIS-CAT Pro assessment results, including the ability to create exceptions and recalculate the CIS-CAT Pro assessment; and create individual reporting in multiple formats.
  2. Unlimited access to and use of the CIS Workbench for access to CIS SecureSuite Products, including forums for information sharing, user support, and discussions among members, developers, and CIS staff, subject to the CIS Workbench site’s Terms of Use;
  3. Timely electronic notification of updates to the CIS SecureSuite Products;
  4. Enhanced CIS SecureSuite Products from CIS staff and developers;
  5. At Member’s option, listing of Member on the dedicated CIS SecureSuite Member pages of the CIS public website and in other promotional materials;
  6. The right to use the CIS SecureSuite membership mark on Member’s websites and documents; and
  7. Access to any additional CIS SecureSuite Products or other membership benefits offered by CIS from time to time.

Distribution of SecureSuite Products by Member

CIS hereby grants to each Member in good standing the right to distribute the SecureSuite Products within such Member's own organization, whether by manual or electronic means.  Each such Member acknowledges and agrees that the foregoing grants in this paragraph are subject to the terms of any membership arrangement with CIS and may, therefore, be modified or terminated by CIS at any time.

Membership Agreement

For those CIS SecureSuite Members whose membership is governed by a CIS SecureSuite Membership Agreement (“Agreement”) or by additional terms and conditions attached to a purchase order or invoice, in addition to these Terms of Use, Member shall be subject to the terms and conditions of that Agreement, purchase order or invoice.  To the extent any conflict exists between these Terms of Use and the terms of the Agreement or those contained in a purchase order or invoice, the terms of the Agreement, purchase order or invoice (as applicable) shall apply.

Membership Term

Unless otherwise specified in an Agreement, purchase order or invoice, a Member’s CIS SecureSuite Membership shall run for a period of one year after receipt of payment for the CIS SecureSuite Membership fee (the “Term”).  Unless renewed, a Member’s membership rights shall terminate upon the end of the Term.

No Reimbursement of Membership Fees

In the event that a CIS SecureSuite Member terminates its membership prior to the end of the Term, Member shall not be entitled to any reimbursement of membership fees or certification fees, unless: (1) Member terminates its membership for cause under the terms of its Agreement; or (2) CIS terminates Member's membership for convenience, in which case CIS shall reimburse Member a prorated amount of the Member's membership fee applicable to the Term and any unused certification fees, if applicable.

Additional Terms for CIS Configuration Assessment Tool (CIS-CAT) Consulting Engagement Membership

The CIS-CAT Consulting Engagement Membership is for the use of CIS-CAT in consulting engagements only, and by one named consultant/individual within a consulting/audit firm only, and not for internal organizational use. This membership is governed by the following Terms of Use.

  • CIS-CAT usage shall be for use on Your client systems only as part of a consulting engagement, and may not be used internally within Your organization or business.
  • CIS-CAT usage shall be limited to one designated individual/named consultant only.
  • CIS-CAT Documentation includes, but is not limited to CIS-CAT Users Guide, CIS-CAT XML Customization Guide, CIS-CAT Tutorials, Help Options and any other associated documents contained in the CIS-CAT download file.
  • CIS SecureSuite staff support is available by email only for help downloading, running and/or reporting bugs/errors related to CIS-CAT as part of the membership benefits of a CIS-CAT Consulting Engagement Membership.  CIS Benchmarks staff support for implementing and/or customizing the tool is not included.  CIS-CAT Documentation is available to support the use and customization of the tool.
  • Your CIS-CAT Consulting Engagement Membership will begin upon completion of payment and will expire 30 days thereafter.  Following receipt of payment, an email will be sent to You with information to access CIS-CAT and CIS-CAT Documentation.  The details of Your start date and expiration date will also be included.  If within 30 days following the expiration of this membership period, You wish to purchase an annual CIS SecureSuite Organizational Consulting or Named Consultant membership, CIS will credit the $495 CIS-CAT Consulting Engagement Membership Fee towards that annual membership fee.