CIS SecureSuite Product Vendor Membership Change Summary

Based on feedback from you, we've improved several aspects of the CIS SecureSuite Product Vendor Membership program. Our goal is to ensure you can easily integrate CIS best practices and that we provide you with the necessary resources and support.

Additional Benefits

Based on your feedback, we've now added several marketing benefits as part of your Membership:

• A dedicated vendor profile page on CIS's website, which includes Member logo, Member tool name, Member website homepage URL, CIS Benchmarks Certification status, and/or CIS Controls Accreditation status
• Permission to use specialized, applicable CIS SecureSuite Product Vendor Member badges
• Templates for press releases and approved marketing language
• One 30-minute Marketing consultation to review CIS pre-approved marketing materials, marketing language, and suggested marketing activities to use the pre-approved materials and language
• Content and messaging review of one piece of Member-written marketing content on CIS-related products per year
• CIS subject matter expert (SME) to guest present at a Member-hosted webinar or mutually agreed upon industry event, once per year, pending CIS SME availability
• Engagement with Member's CIS-related posts on LinkedIn or X (formerly known as Twitter), when Member tags the CIS account, once per quarter
• One case study published on the CIS website and cross-promoted

New Pricing Structure

Also based on your feedback, we understand that many of you sought for the Membership to be tailored to what and how many CIS best practices you're integrating into your tools. We're restructuring the Membership fee to be based on the following criteria:

• Member's annual organizational revenue
• Use of CIS Intellectual Property: CIS Benchmarks and/or CIS Controls
• Number of Member's tools integrating CIS Intellectual Property
• When using CIS Benchmarks, the number of CIS Benchmarks

While we can estimate what you might pay, to receive the most accurate pricing, please complete the CIS SecureSuite Product Vendor Member Attestation form and send it to your Account Manager. Upon receipt of this information, your Account Manager will confirm your 2025 Membership fee.

CIS Benchmarks Certification Process

To improve the process based on your feedback, we have removed the requirement to submit documentation for every CIS Benchmark individually.

We've also removed the requirement to submit spreadsheets as evidence of implementation. Instead, Members will provide an annual submission at the time of Membership renewal once for each Certification type (Assessment, Remediation, and Configuration) and once for each Member tool. The submission includes the following attestations or documents:

• Member has CIS Benchmarks testing processes that ensure accuracy of results/configurations
• Member has CIS Benchmarks quality assurance processes that ensure accuracy of results/configurations
• Member will update to the latest version of any previously integrated CIS Benchmarks within 90 days of CIS Benchmarks release
• Member will only submit for CIS Benchmarks Certification for actively supported CIS Benchmarks; archived Benchmarks are not available for Certification
• Member will provide a screenshot demonstrating that manual recommendations and exceptions are shown to the end user by marking them as Not Applicable, Manual, or otherwise
• When capable, show all details of the given recommendation of the CIS Benchmarks — title, description, impact, audit, and remediation (remaining sections are optional)
• If not able to show all details of the given recommendation sections as described above, Member will provide a link to the CIS Benchmarks webpage prominently within the tool to provide users a pathway to access the free for non-commercial use CIS Benchmarks PDFs for manual assessment and/or remediation
• Member attests that the number of recommendations automated in the Member tool are equal or more than 90% of the total number of automated recommendations within that Level of the Benchmark; if less than 90%, written approval from CIS is needed
• e.g., the CIS Benchmark has 100 recommendations in Level 1; of the 100 total recommendations, 90 are marked as automated by CIS; the Member should automate at least 81 recommendations (81 = 90% of 90 recommendations)
• Member will make reasonable efforts to submit feedback on implementation methods, proposed improvements to the CIS Benchmarks, or Certification exceptions submitted to the applicable CIS WorkBench Community as a ticket on the latest draft of the applicable CIS Benchmarks.

Required Documents and Processes

Starting with 2025 renewals, the following documents will be required as a part of the CIS SecureSuite Product Vendor Membership renewal process:

• CIS SecureSuite Product Vendor Member Attestation form (formerly the Revenue Attestation form, now with additional fields)
• Within that document, for Members integrating CIS Benchmarks^™, a full list of CIS Benchmarks planned for use or in use within the 12-month Membership Term
• One of the following documents to demonstrate the Member's use of CIS Benchmarks and/or CIS Controls^®: live or pre-recorded demo, screenshot(s), or public-facing documentation (which includes screenshots of the tool or platform)
• For Members integrating CIS Benchmarks, successful completion of the CIS Benchmarks Certification process.

Frequently Asked Questions (FAQ)