The CIS SecureSuite Product Vendor Membership allows organizations the right to incorporate CIS Benchmarks and CIS Controls into their security products and service offerings. It is inclusive of Consulting and Services use as well, which consists of using resources on client machines to assist with auditing or consulting engagements.
This Membership offers the opportunity to obtain CIS Certification for your products and offerings. Integration options may include CIS Benchmarks Assessment, Remediation, and/or Configuration certifications. Certification confirms your tools accurately assess environments and report findings against CIS Benchmark recommendations correctly. Certification options are listed below.
CIS Product Vendor Membership Benefits
- Vendor members may use the CIS SecureSuite resources in consulting engagements with external customers, in hosting/cloud/managed services environments and on their own internal systems.
- Hardware products and offerings are not covered under this membership category. Please contact us to further discuss options and pricing for other use cases.
- Incorporating CIS-CAT Pro or other CIS tools into a product or software is not permitted under the CIS SecureSuite Membership. Please contact us to further discuss options and pricing for possible tool integration.
- Restrictions exist regarding use of and integration with CIS Hardened Images in cloud environments and providers. For any questions, contact us.
Annual membership fees based on enrolling organization’s annual revenue*:
|Annual Revenue Range||Annual Membership Fee|
|$100M – $499M||$60,000|
|$10M – $99M||$40,000|
|$1M – $9M||$20,000|
|$250K – $999K||$12,000|
|$0 – $249K||$6,000|
*Pricing in USD. Subject to change.
- The vendor has adapted its product to accurately assess and report to the security recommendations in the associated CIS Benchmarks version and profile(s). (CIS Benchmarks Assessment Certification)
- The vendor has adapted the configuration of its product that contains a system to be in conformance with CIS Benchmark(s), assuring that the system’s performance will not be negatively impacted when product is running in a CIS hardened environment. (CIS Benchmarks Configuration Certification)
- The vendor has adapted their product to have capability to push remediation script to end point to configure to align to CIS Benchmark(s) version and profile(s). (CIS Benchmarks Remediation Certification)
CIS Does Not Certify
- Product(s) that assess/score against the CIS Controls.
- Software certification for a product or offering that extends beyond the ability to test conformance to a CIS Benchmark.
- Whether a company’s IT infrastructure is CIS hardened.
- Whether a company’s hosting environment is CIS hardened and/or is in conformance with a CIS Benchmark or the CIS Controls
- You may release and market your product(s) with the corresponding CIS Benchmarks Certified Badge and state that the product had received the denoted certification only after the respective product(s) has been awarded CIS Certification.
- CIS will add/update your dedicated vendor profile page on the CIS website to reflect any Certification(s) awarded. See list of vendor pages.
- CIS can provide pre-approved language for use in communications.
- CIS will collaborate with the member to create a case study to be published on the CIS website, and cross-promoted by both CIS and the member.
- If you are interested in any joint marketing efforts, please contact your CIS SecureSuite Member Success Account team member.
More about the CIS Benchmark Certification Processes
- CIS Benchmarks Assessment Certification
- CIS Benchmarks Configuration Certification
- CIS Benchmarks Remediation Certification