Who Is CIS?

Cybersecurity can be a daunting subject. For many, just the thought of a ransomware attack or data breach is enough to send anxiety levels soaring. And the list of things to do to defend against cyber threats can seem overwhelming and even confusing. At the Center for Internet Security, Inc. (CIS), we specialize in simplifying cybersecurity measures, developing consensus-based security best practices, and providing industry-proven cybersecurity products and best-in-class services to some of the most vulnerable organizations.

We Are Passionate Pioneers 

We Are Passionate Pioneers  iconIn the year 2000, just over 50 percent of American households had a computer, and nearly half of those were connected to the internet.1 The proliferation of computers in homes, schools, and workplaces gave way to a rise in cyber attacks. In those early days, there was no clear model for how to effectively protect organizations from cyber threats. Visionaries identified this void and stepped boldly into it, forming CIS out of the need for an independent organization to build consensus around effective cybersecurity.

“CIS’s great strength, and it was always the reason for CIS, was to build a consensus that would be powerful enough to get the vendors to sell you safer systems,” said late CIS co-founder Alan Paller. “Users have no way to make all their systems secure. It’s not fair to ask them to do it. It would be like making you put seatbelts in your car.”

We Are Independent Innovators

As a 501(c)3 nonprofit, CIS is an independent, nonpartisan, vendor-agnostic organization. We work closely with industry, other nonprofits, and government leaders on both sides of the aisle. A strong private sector base also gives us the opportunity to solve problems that a smaller enterprise could never attempt and to take on important challenges that don’t appeal to profit-driven organizations or don’t make sense for governments. From the ever-present risk of cyber attacks to the endless list of things organizations could do to protect themselves, cybersecurity can be overwhelming.We Are Independent Innovators

At CIS, we are innovators in developing prioritized guidance that is proven to help organizations mitigate cyber risk. CIS maintains one of the most prominent, globally-recognized set of cybersecurity best practices, the CIS Critical Security Controls, which proudly stand alongside the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ISO 27001, and other recognized standards.

Referenced as a cybersecurity standard in legislation in 11 states, the CIS Critical Security Controls are a prescriptive, prioritized, and simplified set of best practices that organizations can use to strengthen their cybersecurity posture.

At CIS, our commitment to a safer world goes beyond the theoretical and dives headlong into the practical level with the CIS Benchmarks. CIS Benchmarks are proven guidelines to securely configure technology from more than 25 vendor product families, including Microsoft, Google, Amazon, and many others.

True to our nonprofit identity, CIS offers both the CIS Benchmarks and CIS Controls completely free to everyone.

We Are Convening Collaborators

As an independent nonprofit in the cybersecurity space, CIS is uniquely positioned to serve as a bridge between government and the private sector. CIS brings together more cybersecurity expertise than any single company, convening leading minds from around the world to help strengthen the nation's cyber defenses and meet the cybersecurity needs of organizations everywhere.

We Are Convening Collaborators

Hundreds of IT security professionals from different organizations worldwide contribute to developing and updating the CIS Controls. There are more than 12,000 IT security experts that contribute to the development of the CIS Benchmarks. CIS also works with the top technology companies to promote cybersecurity worldwide and to provide cost-effective solutions that help protect U.S. public sector organizations below the federal level from the never-ending onslaught of cyber attacks.

CIS operates two collaborative communities that advance cybersecurity for state and local governments. The Multi-State Information Sharing and Analysis Center (MS-ISAC®) consists of more than 16,000 organizational members from the public sector, including state agencies, local government offices, K-12 schools, public universities, and others. The Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC®) consists of more than 3,500 U.S. election offices at the state and local level. Through the MS-ISAC and EI-ISAC, these member organizations receive cyber threat intelligence, cyber defense services, 24x7x365 cybersecurity monitoring, and cyber incident response support all at no cost to them.

Through our work with public sector entities, cybersecurity companies, and other security experts, CIS maintains the largest database of cyber threats specific to state and local governments and is a trusted source of information and support for these active communities.

We Are Driven by Purpose, Not Profit

Purpose – not profit – drives the work at CIS. CIS employees are drawn to the meaningful work of serving organizations of all sizes and industries with impactful cybersecurity best practices and support. To carry out this work, CIS has historically received funding from two primary sources:

  1. Federal funding through a cooperative agreement administered by the Cybersecurity and Infrastructure Security Agency (CISA), which offers cybersecurity tools and resources at no cost to U.S. State, Local, Tribal, and Territorial (SLTT) governments.  
  2. Offering low-cost cybersecurity products and services to U.S. SLTT governments as well as organizations worldwide. CIS receives revenue from selling products such as CIS Hardened Images and CIS SecureSuite to organizations across the globe. CIS also works with top technology vendors to offer effective, low-cost services such as CIS Endpoint Security Services to U.S. SLTTs.

CIS has on occasion accepted grant funding for specific purposes to advance cybersecurity initiatives in line with the security needs of state and local governments. These situations are always vetted by the diverse, mission-focused CIS Board of Directors.

We Are Creating Confidence in the Connected World

We Are Creating Confidence in the Connected World

At CIS, we’re one of the few institutions with a more than 20-year track record of sustainability in the cybersecurity industry. We continue to evolve along with the threat, relentlessly keeping our best practices relevant and our cyber threat intelligence current. As purpose-driven pioneers, innovators, and collaborators, we’re creating confidence in the connected world.

Want to learn more about who we are?


Have you heard something about CIS that you're unsure about? Visit our Rumor Control page to get the facts.

Learn more


1. https://www.census.gov/history/pdf/comp-internetuse2016.pdf