Product Vendor
The CIS SecureSuite Product Vendor Membership allows organizations the right to incorporate CIS Benchmarks and CIS Controls into their security products and service offerings. It is inclusive of Consulting and Services use as well, which consists of using resources on client machines to assist with auditing or consulting engagements.
This Membership offers the opportunity to obtain CIS Certification for your products and offerings and the option to obtain CIS Controls accreditation.
Integration options may include CIS Benchmarks Assessment, Remediation, and/or Configuration certifications. Certification confirms your tools accurately assess environments and report findings against CIS Benchmark recommendations correctly. Certification options are listed below.
CIS Controls accreditation offers service providers a “stamp of approval” at the organization level, assuring that their customers can feel confident that they are doing business with a reputable and reliable CIS Controls assessment organization.
CIS Product Vendor Membership Benefits
| End User Organizations |
Services and Consulting |
Product Vendors | |
| Unlimited access to all CIS SecureSuite Membership resources, including CIS Benchmarks and CIS Controls |  |
|
|
| Ability to develop custom configuration policy using CIS WorkBench | |
|
|
| Access to configuration assessment tool CIS-CAT Pro Accessor and Dashboard | |
|
|
| Access to CIS-CAT Pro, a CIS Controls self-assessment tool | |
|
|
| CIS SecureSuite Member Update detailing new and updated CIS resources | |
|
|
| CIS SecureSuite technical product support | |
|
|
| Company listing on CIS website as CIS SecureSuite Member | |
|
|
| Use of CIS SecureSuite Membership logo | |
|
|
| Right to distribute the CIS SecureSuite resources throughout your organization | |
|
|
| Eligible to use CIS SecureSuite resources (i.e. CIS-CAT Pro and CIS CSAT Pro) in consulting and auditing engagements | |
|
|
| CIS-CAT Pro reports to share with your customers | |
|
|
| Eligible to use the CIS SecureSuite resources to secure hosted environments or managed services | |
|
|
| CIS Benchmark Certification | |
||
| CIS Controls Accreditation | |
|
|
| Marketing Support | |
View a full list of benefits
Use Cases
- Vendor members may use the CIS SecureSuite resources in consulting engagements with external customers, in hosting/cloud/managed services environments and on their own internal systems.
- Hardware products and offerings are not covered under this membership category. Please contact us to further discuss options and pricing for other use cases.
- Incorporating CIS-CAT Pro or other CIS tools into a product or software is not permitted under the CIS SecureSuite Membership. Please contact us to further discuss options and pricing for possible tool integration.
- Restrictions exist regarding use of and integration with CIS Hardened Images in cloud environments and providers. For any questions, contact us.
Pricing
Annual membership fees based on enrolling organization’s annual revenue*:
| Annual Revenue Range | Annual Membership Fee |
|---|---|
| $500M+ | $80,000 |
| $100M – $499M | $60,000 |
| $10M – $99M | $40,000 |
| $1M – $9M | $20,000 |
| $250K – $999K | $12,000 |
| $0 – $249K | $6,000 |
*Pricing in USD. Subject to change.
CIS Benchmarks Certification
CIS Certifies
- The vendor has adapted its product to accurately assess and report to the security recommendations in the associated CIS Benchmarks version and profile(s). (CIS Benchmarks Assessment Certification)
- The vendor has adapted the configuration of its product that contains a system to be in conformance with CIS Benchmark(s), assuring that the system’s performance will not be negatively impacted when product is running in a CIS hardened environment. (CIS Benchmarks Configuration Certification)
- The vendor has adapted their product to have capability to push remediation script to end point to configure to align to CIS Benchmark(s) version and profile(s). (CIS Benchmarks Remediation Certification)
CIS Does Not Certify
- Product(s) that assess/score against the CIS Controls.
- Software certification for a product or offering that extends beyond the ability to test conformance to a CIS Benchmark.
- Whether a company’s IT infrastructure is CIS hardened.
- Whether a company’s hosting environment is CIS hardened and/or is in conformance with a CIS Benchmark or the CIS Controls
More about the CIS Benchmark Certification Processes
- CIS Benchmarks Assessment Certification
- CIS Benchmarks Configuration Certification
- CIS Benchmarks Remediation Certification
CIS Controls Accreditation
- Accreditation offers the ability to provide CIS Critical Security Controls implementation, auditing, and/or assessment with the assurance that the organization has met the consistent and rigorous standards of CREST certification
- Details of the individuals performing assessments are captured to help assure that the organization is reputable, adheres to the code of conduct, and has a robust process for training staff to perform implementation/audit/assessments of CIS Controls
More about the CIS Controls Accreditation Process
Marketing Opportunities
- You may release and market your product(s) with the corresponding CIS Benchmarks Certified Badge and state that the product had received the denoted certification only after the respective product(s) has been awarded CIS Certification.
- You may market your organization with the corresponding CIS Controls Accredited badge only after your organization has been awarded the Accreditation.
- CIS will add/update your dedicated vendor profile page on the CIS website to reflect any Certifications(s) or Accreditation awarded. See list of vendor pages.
- CIS can provide pre-approved language for use in communications.
- CIS will collaborate with the member to create a case study to be published on the CIS website, and cross-promoted by both CIS and the member.
