Vulnerability Assessments

CIS provides both Network and Web Application Vulnerability Assessment services to U.S. State, Local, Tribal, and Territorial (SLTT) governments.

Network Vulnerability Assessment

CIS Network Vulnerability Assessment Services provide organizations with a cost-effective solution for network auditing and vulnerability management. Services include network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking according to business risk.

Single Assessment

This service includes:

  • One automated Network Vulnerability Assessment
  • Prioritization of vulnerability remediation
  • Manual verification of vulnerabilities
  • Customized reporting
  • Vulnerability remediation support

Quarterly or Monthly Assessments

This service includes:
  • PCI-compliant network security scans by an Approved Scanning Vendor (ASV)
  • PCI self‐assessment questionnaire
  • PCI “auto submission” feature, allowing users to submit compliance status
  • Scheduled, automated Vulnerability Assessments
  • Prioritization of vulnerability remediation
  • Manual verification of vulnerabilities
  • Customized reporting
  • Remediation support
  • Ongoing vulnerability ticket management
  • OnDemand reporting and trending information via a 24x7 self-serve secure portal*

Web Application Vulnerability Assessment

CIS Web Application Vulnerability Assessment Services help organizations cost-effectively and proactively secure web applications by identifying and cataloging applications, detecting vulnerabilities, manually testing vulnerabilities for false-positives, and providing remediation steps to improve overall security posture.

Single Assessment

This service includes:
  • One automated Web Application Vulnerability Assessment
  • Prioritization of vulnerability remediation
  • Manual verification of vulnerabilities
  • Customized reporting
  • Remediation support

Quarterly or Monthly Assessments

This service includes:
  • Scheduled automated Web Application Vulnerability Assessments
  • Manual verification of vulnerabilities
  • Customized reporting
  • Prioritization of vulnerability remediation
  • Remediation support
  • Ongoing vulnerability ticket management
  • OnDemand reporting and trending information via a 24x7 self-serve secure portal**The OnDemand reporting feature and access to a 24x7 self-serve secure portal is dependent on the size of the assessment. Small assessments with a minimal amount of IPs will not have access to this feature.

Please Note:

  1. A scanning appliance is required for internal Network Vulnerability Assessment.
  2. Invoice is based on the actual number of live IPs/web applications scanned that period.
  3. There is an 8,000 page, or a 23-hour runtime, limitation per web application, whichever occurs first.

Free Guide: Cybersecurity Services to help implement the CIS Controls:Download Arrow