Product Vendor

The CIS SecureSuite Product Vendor Membership allows organizations the right to incorporate CIS Benchmarks and CIS Controls into their security products and service offerings. It is inclusive of Consulting and Services use as well, which consists of using resources on client machines to assist with auditing or consulting engagements.

This Membership offers the opportunity to obtain CIS Certification for your products and offerings. Integration options may include CIS Benchmarks Assessment, Remediation, and/or Configuration certifications. Certification confirms your tools accurately assess environments and report findings against CIS Benchmark recommendations correctly. Certification options are listed below.


CIS Product Vendor Membership Benefits

SecureSuite Product Vendor table

View a full list of benefits

Use Cases

  • Vendor members may use the CIS SecureSuite resources in consulting engagements with external customers, in hosting/cloud/managed services environments and on their own internal systems.
  • Hardware products and offerings are not covered under this membership category. Please contact us to further discuss options and pricing for other use cases.
  • Incorporating CIS-CAT Pro or other CIS tools into a product or software is not permitted under the CIS SecureSuite Membership. Please contact us to further discuss options and pricing for possible tool integration.
  • Restrictions exist regarding use of and integration with CIS Hardened Images in cloud environments and providers. For any questions, contact us.


Annual membership fees based on enrolling organization’s annual revenue*:

Annual Revenue Range Annual Membership Fee
$500M+ $80,000
$100M – $499M $60,000
$10M – $99M $40,000
$1M – $9M $20,000
$250K – $999K $12,000
$0 – $249K $6,000

*Pricing in USD. Subject to change.

CIS Certifies

  • The vendor has adapted its product to accurately assess and report to the security recommendations in the associated CIS Benchmarks version and profile(s). (CIS Benchmarks Assessment Certification)
  • The vendor has adapted the configuration of its product that contains a system to be in conformance with CIS Benchmark(s), assuring that the system’s performance will not be negatively impacted when product is running in a CIS hardened environment. (CIS Benchmarks Configuration Certification)
  • The vendor has adapted their product to have capability to push remediation script to end point to configure to align to CIS Benchmark(s) version and profile(s). (CIS Benchmarks Remediation Certification)

CIS Does Not Certify

  • Product(s) that assess/score against the CIS Controls.
  • Software certification for a product or offering that extends beyond the ability to test conformance to a CIS Benchmark.
  • Whether a company’s IT infrastructure is CIS hardened.
  • Whether a company’s hosting environment is CIS hardened and/or is in conformance with a CIS Benchmark or the CIS Controls

Marketing Opportunities

More about the CIS Benchmark Certification Processes

Arrow Review CIS SecureSuite Membership Terms of Use
CIS SecureSuite Membership logo  
Ready to enroll?
Have questions about membership?
Contact us