CIS SecureSuite Product Vendor Membership Change Summary
Based on feedback from you, we've improved several aspects of the CIS SecureSuite Product Vendor Membership program. Our goal is to ensure you can easily integrate CIS best practices and that we provide you with the necessary resources and support.
Additional Benefits
Based on your feedback, we've now added several marketing benefits as part of your Membership:
- A dedicated vendor profile page on CIS's website, which includes Member logo, Member tool name, Member website homepage URL, CIS Benchmarks Certification status, and/or CIS Controls Accreditation status
- Permission to use specialized, applicable CIS SecureSuite Product Vendor Member badges
- Templates for press releases and approved marketing language
- One 30-minute Marketing consultation to review CIS pre-approved marketing materials, marketing language, and suggested marketing activities to use the pre-approved materials and language
- Content and messaging review of one piece of Member-written marketing content on CIS-related products per year
- CIS subject matter expert (SME) to guest present at a Member-hosted webinar or mutually agreed upon industry event, once per year, pending CIS SME availability
- Engagement with Member's CIS-related posts on LinkedIn or X (formerly known as Twitter), when Member tags the CIS account, once per quarter
- One case study published on the CIS website and cross-promoted
New Pricing Structure
Also based on your feedback, we understand that many of you sought for the Membership to be tailored to what and how many CIS best practices you're integrating into your tools. We're restructuring the Membership fee to be based on the following criteria:
- Member's annual organizational revenue
- Use of CIS Intellectual Property: CIS Benchmarks and/or CIS Controls
- Number of Member's tools integrating CIS Intellectual Property
- When using CIS Benchmarks, the number of CIS Benchmarks
While we can estimate what you might pay, to receive the most accurate pricing, please complete the CIS SecureSuite Product Vendor Member Attestation form and send it to your Account Manager. Upon receipt of this information, your Account Manager will confirm your 2025 Membership fee.
CIS Benchmarks Certification Process
To improve the process based on your feedback, we have removed the requirement to submit documentation for every CIS Benchmark individually.
We've also removed the requirement to submit spreadsheets as evidence of implementation. Instead, Members will provide an annual submission at the time of Membership renewal once for each Certification type (Assessment, Remediation, and Configuration) and once for each Member tool. The submission includes the following attestations or documents:
- Member has CIS Benchmarks testing processes that ensure accuracy of results/configurations
- Member has CIS Benchmarks quality assurance processes that ensure accuracy of results/configurations
- Member will update to the latest version of any previously integrated CIS Benchmarks within 90 days of CIS Benchmarks release
- Member will only submit for CIS Benchmarks Certification for actively supported CIS Benchmarks; archived Benchmarks are not available for Certification
- Member will provide a screenshot demonstrating that manual recommendations and exceptions are shown to the end user by marking them as Not Applicable, Manual, or otherwise
- When capable, show all details of the given recommendation of the CIS Benchmarks — title, description, impact, audit, and remediation (remaining sections are optional)
- If not able to show all details of the given recommendation sections as described above, Member will provide a link to the CIS Benchmarks webpage prominently within the tool to provide users a pathway to access the free for non-commercial use CIS Benchmarks PDFs for manual assessment and/or remediation
- Member attests that the number of recommendations automated in the Member tool are equal or more than 90% of the total number of automated recommendations within that Level of the Benchmark; if less than 90%, written approval from CIS is needed
- e.g., the CIS Benchmark has 100 recommendations in Level 1; of the 100 total recommendations, 90 are marked as automated by CIS; the Member should automate at least 81 recommendations (81 = 90% of 90 recommendations)
- Member will make reasonable efforts to submit feedback on implementation methods, proposed improvements to the CIS Benchmarks, or Certification exceptions submitted to the applicable CIS WorkBench Community as a ticket on the latest draft of the applicable CIS Benchmarks.
Required Documents and Processes
Starting with 2025 renewals, the following documents will be required as a part of the CIS SecureSuite Product Vendor Membership renewal process:
- CIS SecureSuite Product Vendor Member Attestation form (formerly the Revenue Attestation form, now with additional fields)
- Within that document, for Members integrating CIS Benchmarks™, a full list of CIS Benchmarks planned for use or in use within the 12-month Membership Term
- One of the following documents to demonstrate the Member's use of CIS Benchmarks and/or CIS Controls®: live or pre-recorded demo, screenshot(s), or public-facing documentation (which includes screenshots of the tool or platform)
- For Members integrating CIS Benchmarks, successful completion of the CIS Benchmarks Certification process.
Frequently Asked Questions (FAQ)
When does the new Product Vendor Member program start?
This program rollout starts on January 1, 2025, and goes into effect upon your Membership renewal date.
Whom does this affect?
All CIS Product Vendor Members beginning January 1, 2025.
What are the requirements to renew my CIS SecureSuite® Product Vendor Membership?
- Completed CIS SecureSuite Product Vendor Membership Attestation form
- Information demonstrating your organization’s use case regarding the CIS Benchmarks™ and/or CIS Controls®
- Signed order reflecting Membership fee and dates of Membership term
- Signed legal agreement
- When using CIS Benchmarks, completion of annual CIS Benchmarks Certification
How is my CIS Product Vendor Membership fee determined?
The Membership fee is based on four factors:
- Member’s annual organizational revenue
- Use of CIS® intellectual property: CIS Benchmarks and/or CIS Controls
- Number of Member’s tools integrating CIS intellectual property
- When using CIS Benchmarks, the number of CIS Benchmarks
While we can estimate what you might pay, to receive the most accurate pricing, please complete the CIS SecureSuite Product Vendor Member Attestation form and send it to your Account Manager. Upon receipt of this information, your Account Manager will confirm your 2025 Membership fee.
How will our Membership tier be updated, if needed, throughout the year?
If the number of tools, number of Benchmarks, or what CIS IP you're integrating changes, you can update your Membership tier by providing an updated version of your CIS SecureSuite Product Vendor Member Attestation form to your Account Manager.
What is the CIS attestation process?
The CIS attestation process ensures CIS can effectively support your use case in relation to your integration of CIS best practices. This lightweight annual process provides CIS with basic information about your use case and must be completed 90 days prior to your Membership renewal date annually and throughout the year, if necessary.
How is the CIS Benchmarks certification process changing?
For Members using CIS Benchmarks, CIS Benchmarks Certification is a requirement. To improve the process based on your feedback, we have removed the requirement to submit documentation for every CIS Benchmark individually.
In lieu of the spreadsheets used today, Members will provide an annual submission at the time of Membership renewal. Closer to your renewal, we'll provide a more detailed requirements document.
Are we required to complete anything before co-marketing opportunities become available?
All Members must complete the CIS attestation process by providing a completed CIS SecureSuite Product Vendor Member Attestation form and use case evidence.
For Members using CIS Benchmarks, it is required to complete CIS Benchmarks Certification. Marketing benefits cannot be utilized prior to completing Certification.
Will my Product Vendor webpage be changing?
Great news! CIS is improving our process to maintain the Product Vendor pages and when provided by you, we'll be adding your website URL.
Will I have a dedicated Account Manager?
Yes, of course!
Whom should I contact with any questions or concerns?
You can email your dedicated Account Manager or [email protected] directly.