Product Vendor


CIS SecureSuite Product Vendor Membership provides organizations licensing rights to the CIS Benchmarks and/or CIS Critical Security Controls for commercial use. Through the Product Vendor Membership, which includes Services and Consulting and End User Organization Membership rights, organizations can integrate globally recognized and widely referenced security best practices into their product offerings, greatly simplifying the security and compliance journey of their customers.

For Members integrating CIS Benchmarks into their products, this Membership includes the requirement to obtain CIS Benchmarks Certification.

With CIS Benchmarks Certification, Product Vendor Members can integrate CIS Benchmarks for automated assessment and/or remediation into their product offerings. CIS Benchmarks Assessment Certification confirms your tool automatically assesses endpoints and reports findings against the CIS Benchmarks recommendations. CIS Benchmarks Remediation Certification confirms your tool automatically remediates against the CIS Benchmarks recommendations. The third option for CIS Benchmarks Certification - Configuration - provides Product Vendor Members the opportunity to configure the infrastructure delivered with managed/cloud-hosted products according to the CIS Benchmarks.

 

CIS Product Vendor Membership Benefits

Along with providing the only licensing rights to integrate the trusted, globally recognized CIS security best practices - the CIS Benchmarks and/or the CIS Controls - CIS SecureSuite Product Vendor Membership includes:

  • The ability to promote your integration of CIS best practices through a dedicated profile page on the CIS website
  • Secure exclusive rights for CIS Benchmarks Certification, ensuring your products accurately assess, remediate for, or are configured to the CIS Benchmarks
  • Tier one technical product support
  • A dedicated CIS Account Manager
  • For select tiers, Technical Account Manager services
  • All of the benefits and licensing rights of CIS SecureSuite End User Membership
  • All of the benefits and licensing rights of CIS SecureSuite Services and Consulting Membership, including eligibility to obtain CIS Controls Accreditation

In addition to these benefits and rights, Product Vendor Membership is the only CIS SecureSuite Membership that includes Marketing Support.


View a full list of benefits

Marketing and Branding Benefits

CIS Provides:

  • A dedicated vendor profile page on CIS’s website, which includes Member logo, Member tool name, Member website homepage URL, CIS Benchmarks Certification status, and/or CIS Controls Accreditation status.
  • Permission to use specialized, applicable CIS SecureSuite Product Vendor Member badges.
  • Templates for press releases and approved marketing language.
  • One 30-minute Marketing consultation to review CIS pre-approved marketing materials, marketing language, and suggested marketing activities to use the pre-approved materials and language.
  • Content and messaging review of one piece of Member-written marketing content on CIS-related products per year.
  • CIS subject matter expert (SME) to guest present at a Member-hosted webinar or mutually agreed upon industry event, once per year, pending CIS SME availability.
  • Engagement with Member’s CIS-related posts on LinkedIn or X (formerly known as Twitter), when Member tags the CIS account, once per quarter.
  • One case study published on the CIS website and cross-promoted.

Additional benefits are available for select Membership Tiers (Tiers 6-8): 

  • CIS subject matter expert (SME) to guest present at a Member-hosted webinar or mutually agreed upon industry event, total twice per year, pending CIS SME availability.
  • Contribute CIS subject matter expertise to Member-led marketing content on CIS-related products, twice per year, such as a guide, blog post, or video.

Use Cases and Restrictions

  • Product Vendor Members commonly integrate CIS Benchmarks into their product offerings to provide capabilities such as: configuration assessment, cloud security posture management, cloud native application protection, cloud workload protection, and many others.
  • Product Vendor Membership also provides the ability to integrate the CIS Controls into product offerings to better support capabilities such as risk assessment, governance and compliance, and mapping various regulatory frameworks and standards.
  • Hardware products and offerings are not covered under this membership category. Please contact us to further discuss options and pricing for other use cases.
  • Integrating CIS-CAT Pro or other CIS tools into a product offering is not included under CIS SecureSuite Membership. Please contact us to discuss further options and pricing for possible tool integration.
  • Restrictions exist regarding use of and integration with CIS Hardened Images in cloud environments and providers. For any questions, contact us.

Pricing

Contact us for pricing information

 

CIS Benchmarks Certification

CIS Benchmarks Certification differentiates Product Vendor Members integrating the CIS Benchmarks into their product offerings. The certification establishes a sense of trust and validity to your customers and is required for all Product Vendor Members who integrate CIS Benchmarks.

CIS Benchmarks Certification Types

  • CIS Benchmarks Assessment Certification certifies that an organization has a product that accurately assesses and reports the status of a system against the security recommendations in the associated CIS Benchmarks version and profile(s).
  • CIS Benchmarks Remediation Certification certifies that an organization has a product with the capability to remediate endpoint(s) to align to the CIS Benchmarks™, saving customers time by automatically configuring systems to the CIS Benchmarks™ as well as helping to address configuration drift.
  • CIS Benchmarks Configuration Certification certifies a system’s configuration is in conformance with CIS Benchmarks, assuring that a system’s performance will not be negatively impacted when product is running in a CIS hardened environment. Configuration Certification enables Product Vendor Members to implement “security by design” with the CIS Benchmarks built in, tested, and certified at outset.

CIS Does Not Certify

  • Product(s) that assess/score against the CIS Controls
  • Software certification for a product or offering that extends beyond the ability to test conformance to a CIS Benchmark
  • Whether a company’s IT infrastructure is CIS hardened
  • Whether a company’s hosting environment is CIS hardened and/or is in conformance with a CIS Benchmark or the CIS Controls

More about the CIS Benchmarks Certification Processes

CIS Controls Accreditation

With the Services and Consulting licensing rights included in Product Vendor Membership use, Members also have the option to obtain CIS Controls accreditation.

  • Accreditation offers the ability to provide CIS Critical Security Controls implementation, auditing, and/or assessment with the assurance that the organization has met the consistent and rigorous standards of CREST certification
  • Details of the individuals performing assessments are captured to help assure that the organization is reputable, adheres to the code of conduct, and has a robust process for training staff to perform implementation/audit/assessments of CIS Controls

More about the CIS Controls Accreditation Process

CIS SecureSuite Membership logo  
Ready to enroll?
 
Have questions about Membership?
Contact us