CIS Controls Accreditation

For CIS SecureSuite Member Organizations

• Gain confidence with and trust of your customers having assurance that your organization has met the rigorous standards CIS set for organizations to conduct CIS Controls assessments.
• Market and sell your services with the CIS Controls Accredited badge and gain visibility by having your organization recognized on the CIS website as a CIS Controls Accredited organization.

For Customers of CIS SecureSuite Member Organizations

• Be confident that you are engaging with qualified service providers to assess and improve your cybersecurity posture through a CIS Controls-accredited organization.
• Demonstrate your cybersecurity posture meets the best practice recommendations of the world-renowned CIS Critical Security Controls by a verified service provider.

CREST is an international not-for-profit membership body representing the global cybersecurity industry. CREST has accredited 300+ member companies; accreditation involves a rigorous quality assurance process. Organizations buying cybersecurity services from CREST members can do so with confidence.

The partnership between CIS and CREST provides a new way for suppliers to offer a CIS Controls assessment with a stamp of approval and a means for organizations seeking Controls assessment to feel confident that they have selected a provider who has demonstrated proficiency in conducting assessments. 

• Questions on the CIS Controls accreditation process?
  
  • Visit CREST's FAQ on the application process 

• Questions on CIS SecureSuite Membership?
  
  • Email: [email protected]

CIS SecureSuite Membership is required to apply for this accreditation. The following CIS SecureSuite Member types are eligible.

• CIS SecureSuite Product Vendor Members

• CIS SecureSuite Consulting and Services Members

• CIS SecureSuite Controls Members

*CREST membership is not required.

Application Fee

$1,500 USD for CREST members

$2,500 USD for non-CREST members

The GCCC is required from SANS in order to be eligible for the CIS Controls Accreditation.  Find out more about the GIAC Certifications and/or the SANS SEC 566: Implementing and Auditing CIS Controls course with certification.

Complete the contact form to begin the application and get access to the CREST application portal.

The CREST application portal will automatically assign tasks based on the custom fields the applicant has selected.

The application form is split into several tasks. These tasks can be completed concurrently and by separate individuals.

1. Company Application Form - This form contains company information such as organization details, insurance, membership subscription, contact details, and policies and procedures.
2. CIS Controls Accreditation Application Form - Assesses the competence and experience of the organization to deliver services. It details a set of expectations and standards of behavior for organizations conducting work under this program.
3. Qualified Individuals - This task captures and records the details of the individual(s) who will be performing assessments on behalf of the organization.

• This process assures that the organization is reputable, adheres to the code of conduct, and has a robust process for training staff to perform implementation/audit/assessments of CIS Controls.
• Applicants will be required to provide the name, contact details, and qualification of the individual(s) listed. The task will also include an upload function to provide documented evidence of attainment.

The organization must successfully complete the CREST assessment. You may market and sell your services with the CIS Controls Accredited badge only after your organization has been awarded CIS Controls accreditation. The badge will be provided to you at that time.