CIS SecureSuite Membership is required to use the CIS Benchmarks and CIS Controls commercially. CIS SecureSuite Product Vendor Membership allows product vendors the right to integrate the CIS Benchmarks and the CIS Controls content into their security product and service offering(s). In order to incorporate and market the CIS Benchmarks as part of a product offering, CIS Certification must be awarded to denote conformance with the CIS Benchmark. Fifteen (15) CIS Benchmark Certifications are included in a membership year. Additional bundles of ten (10) certifications can be purchased for $5,000 USD.
Organizations enrolled in this CIS SecureSuite Membership category may also use the CIS SecureSuite resources in consulting engagements with external customers, in hosting/cloud/managed services environments and on their own internal systems.
Other use cases, such as remediation products, hardware products, and other offerings, are not covered under this Membership category. Please contact us to further discuss options and pricing for other use cases.
Incorporating CIS-CAT Pro or other CIS tools into a product or software is not permitted under the CIS SecureSuite Membership. Please contact us to further discuss options and pricing for possible tool integration.
Restrictions exist regarding use of and integration with CIS Hardened Images in cloud environments and providers. For any questions, contact us.
Annual membership fees based on enrolling organization's annual revenue*:
|Annual Revenue Range||Annual Membership Fee|
|$100M - $999M||$25,000|
|$10M - $99M||$20,000|
|$1M - $9M||$15,000|
|$0 - $999K||$9,500|
*Pricing in USD. Subject to change.
Fifteen (15) CIS Benchmark Certifications are included in a membership year. Additional bundles of ten (10) certifications can be purchased for $5,000 USD.
- A vendor’s security software product’s ability to assess a system’s conformance to a specific CIS Benchmark (Assessment Option).
- A product that contains a system (i.e., Operating System) for which CIS offers a CIS Benchmark whereas that system has been configured in accordance to a specific CIS Benchmark and can be assessed for conformance to the CIS Benchmarks (Product Conformance Option).
CIS Does Not Certify
- A product’s ability to remediate a system to be in conformance with a specific CIS Benchmark (Remediation Option).
- Product(s) that assess/score against the CIS Controls.
- Software certification for a product or offering that extends beyond the ability to test conformance to a CIS Benchmark.
- Whether a company’s IT infrastructure is CIS hardened.
- Whether a company’s hosting environment is CIS hardened and/or is in conformance with a CIS Benchmark or the CIS Controls
- You may release and market your product(s) with the CIS Product Vendor Member “Certified” Logo and state that the product is CIS Certified only after the respective product(s) has been awarded CIS Certification.
- CIS will add/update your dedicated webpage on the CIS website to reflect any Certification(s) awarded. See list of vendor pages.
- CIS can provide a press release template for your company to announce its certifications.
- CIS can post certifications awarded to our social media channels and cross market as appropriate related to certification.
- If you are interested in any joint marketing efforts, please contact your CIS SecureSuite Member Success Account team member.