Vulnerability Assessments

CIS provides both Network and Web Application Vulnerability Assessment services to U.S. State, Local, Tribal, and Territorial (SLTT) governments.

Network Vulnerability Assessment

CIS Network Vulnerability Assessment Services provide organizations with a cost-effective solution for network auditing and vulnerability management. Services include network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking according to business risk.

Single Assessment

This service includes:

  • One automated Network Vulnerability Assessment
  • Prioritization of vulnerability remediation
  • Manual verification of vulnerabilities
  • Customized reporting
  • Vulnerability remediation support

Quarterly or Monthly Assessments

This service includes:
  • PCI-compliant network security scans by an Approved Scanning Vendor (ASV)
  • PCI self‐assessment questionnaire
  • PCI “auto submission” feature, allowing users to submit compliance status
  • Scheduled, automated Vulnerability Assessments
  • Prioritization of vulnerability remediation
  • Manual verification of vulnerabilities
  • Customized reporting
  • Remediation support

Web Application Vulnerability Assessment

CIS Web Application Vulnerability Assessment Services help organizations cost-effectively and proactively secure web applications by identifying and cataloging applications, detecting vulnerabilities, manually testing vulnerabilities for false-positives, and providing remediation steps to improve overall security posture.

Single Assessment

This service includes:
  • One automated Web Application Vulnerability Assessment
  • Prioritization of vulnerability remediation
  • Manual verification of vulnerabilities
  • Customized reporting
  • Remediation support

Quarterly or Monthly Assessments

This service includes:
  • Scheduled automated Web Application Vulnerability Assessments
  • Manual verification of vulnerabilities
  • Customized reporting
  • Prioritization of vulnerability remediation
  • Remediation support

Please Note:

  1. A scanning appliance is required for internal Network Vulnerability Assessment.
  2. Invoice is based on the actual number of live IPs/web applications scanned that period.
  3. There is an 8,000 page, or a 23-hour runtime, limitation per web application, whichever occurs first.

Free Guide: Cybersecurity Services to help implement the CIS Controls:Download Arrow