CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls® and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images® are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.


For more information on these products, please view the resources in the tab above.

  • CIS Hardened Images®
    • CIS Hardened Images are securely pre-configured virtual machine images hardened according to the globally recognized security configuration recommendations of the CIS Benchmarks to the cloud. They provide a secure, on-demand and scalable computing environment.
    • More secure than a standard image, hardened virtual images reduce system vulnerabilities to help protect against denial of service, unauthorized data access, and other cyber threats.
    • Each CIS Hardened Image includes a report showing conformance to the applicable CIS Benchmark.
    • Offered for seven different virtual machine versions of Linux: Amazon, CentOS, Debian, Oracle, Red Hat, SUSE and Ubuntu - as well as Microsoft Windows Server.
    • Available to spin up immediately from AWS Marketplace including AWS GovCloud (US) region and AWS for the IC, Azure Marketplace including Azure Government, and Google Cloud Platform.
  • CIS Network Security Monitoring (Albert)
    • IDS monitoring solution providing automated alerting on both traditional and advanced network threats
    • In-depth review of alerts conducted by expert analysts through CIS’s 24x7 Security Operations
    • Highly cost effective service, leveraging open source IDS engine and commodity hardware
    • Outstanding customer service
    • Unique and SLTT focused signature set
    • Fully monitored and managed service
  • Penetration Testing
    • Network and web application penetration testing
    • Identification and exploitation of vulnerabilities for risk assignment
    • Reporting on vulnerabilities, risk, impact, location, recommendations, and references to mitigate in your environment
  • Security Assessment
    • Identification of pre-existing compromises and ensuring the effectiveness of security layers
    • Utilization of the CIS Enumeration and Scanning Program (CIS-ESP) and CIS Configuration Assessment Tool (CIS-CAT)
    • Review active directory, servers, workstations, patching policy, and backup solution
    • Assess firewall configurations, remote access methods, OS levels, wireless network configurations, and administration accounts
  • Phishing Engagements
    • Leverage technical and socio-psychological techniques to diagnose end user awareness
    • Craft unique and customize phishing email content, landing pages, login pages, or surveys
    • Option to add malicious attachments
    • Extensive report detailing what users clicked, how many times, overall organization percentages, and recommendations
  • CIS SecureSuite
    • Used by over 1,700 organizations worldwide, CIS SecureSuite® Membership provides integrated cybersecurity resources to help businesses, nonprofits, governmental entities, and IT experts start secure and stay secure.
    • Access to CIS-CAT® Pro, a robust system configuration and vulnerability assessment tool with assessor and dashboard components that correspond to CIS Benchmarks (see below)
    • CIS WorkBench, a community website for tech professionals to network, discuss technical concepts, collaborate on cybersecurity projects, and download CIS resources
    • Access to the CIS Controls® library
    • PDF/Word/Excel/XML versions of the CIS Benchmarks™
    • Remediation content for rapidly implementing CIS Benchmark™
      recommendations and much more
      • CIS Benchmarks™
        • Proven guidelines will enable you to safeguard operating systems, software and networks that are most vulnerable to cyber attacks. They are continually verified by a volunteer IT community to combat evolving cybersecurity challenges.
        • CIS Benchmarks™ help safeguard systems, software, and networks against today's evolving cyber threats. Developed by an international community of cybersecurity experts, the CIS Benchmarks™ are configuration guidelines for over 100 technologies and platforms.
      • CIS Controls®
        • IT security leaders use CIS Controls® to quickly establish the protections providing the highest payoff in their organizations. They guide IT professionals through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
        • The CIS Controls® are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls® are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every organization looking to improve its cybersecurity posture.



GSA Schedule 70

Dec 20, 2011- Dec 19, 2021


Mar 03, 2015- Aug 10, 2020
*Additional Option Years Available

State and Local

City of Seattle Contract

Jul 11, 2014- Dec 19, 2021

Department of General Services PA - Symantec

May 01, 2009- Dec 19, 2021

Kentucky COT - NASPO

Jun 21, 2017- Sep 15, 2026

NASPO ValuePoint

Oct 14, 2016- Sep 15, 2026

Orange County National IPA Co-Op

Jun 01, 2015- May 31, 2021

State of Alaska Cloud Solutions Contract- NASPO

Aug 07, 2017- Sep 16, 2026

State of Arkansas Cloud Solutions Contract- NASPO

Jul 01, 2017- Sep 15, 2026

State of California Cloud Solutions Contract- NASPO

Sep 15, 2017- Sep 15, 2026

State of Delaware Cloud Solutions Contract- NASPO

Jun 30, 2017- Sep 15, 2026

State of Florida Department of Management Services Cloud Solutions Contract- NASPO

Aug 01, 2017- Sep 30, 2020

State of Hawaii Cloud Solutions Contract - NASPO

Jul 01, 2017- Sep 15, 2026

State of Indiana Contract

Aug 01, 2017- Jul 31, 2021

State of Kansas Cloud Solutions Contract- NASPO

Jul 01, 2017- Sep 15, 2026

State of Louisiana Cloud Solutions Contract- NASPO

Mar 03, 2017- Sep 15, 2026

State of Minnesota Cloud Solutions Contract- NASPO

Aug 16, 2017- Sep 16, 2026

State of Missouri Cloud Solutions Contract- NASPO

Apr 21, 2018- Sep 10, 2026

State of Nebraska Cloud Solutions Contract- NASPO

78128 O4
Jul 19, 2017- Sep 16, 2026

State of Nevada Cloud Solutions Contract- NASPO

Jun 15, 2017- Sep 15, 2026

State of New Mexico Cloud Solutions Contract- NASPO

May 10, 2018- Sep 16, 2026

State of New Mexico Contract

Aug 01, 2017- Aug 01, 2021

State of Oklahoma Cloud Solutions Contract- NASPO

May 17, 2017- Sep 15, 2026

State of Washington Cloud Solutions Contract- NASPO

Jul 17, 2017- Sep 15, 2026


Massachusetts Higher Education Consortium (MHEC)

Aug 10, 2019- Jun 30, 2022


May 02, 2014- Dec 19, 2021

Upcoming Events



Albert is a unique network monitoring solution that provides automated alerts on both traditional and advanced network threats. Albert is a cost-effective IDS monitoring solution with a unique, SLTT-focused signature set that is monitored by a 24x7 Security Operations Center (SOC).

How cybersecurity and elections intersect and why it matters. To enable the elections that define democracy, we must protect the security and reliability of elections infrastructure. Through a best practices approach, we aim to help organizations involved in elections better understand what to focus...

CIS® (Center for Internet Security, Inc.) offers both network and web application penetration testing services. These services simulate a real-world cyber attack, allowing organizations to safely review the security posture of their web applications and networking devices.

Organizations are under constant attack, targeted by well-funded criminals and nation-state actors. These groups use sophisticated attacks that often go undetected by many standard signature-based defense mechanisms. Because of this, organizations are often compromised for long periods of time—in ...

Despite the most sophisticated plans to protect network infrastructure and company data, no organization can predict every employee’s cybersecurity education level or previous experiences. Phishing is a user-centric attack technique that combines technical and socio-psychological techniques to enc...

Used by over 1,700 businesses and government entities worldwide to defend against cyber attacks, CIS SecureSuite Membership provides users access to a host of integrated cybersecurity resources.

As server workloads are increasingly deployed on public cloud platforms, organizations are experiencing a range of security and compliance challenges, including attempted exploits. Hardening servers based on accepted industry benchmarks is a cybersecurity best practice that reduces vulnerabilities.

CIS Hardened Images are securely preconfigured virtual machine images hardened according to the globally recognized security configuration recommendations of the CIS Benchmarks to the cloud. Learn more about the benefits of using CIS Hardened Images.

CIS offers network security monitoring services through a solution referred to as Albert. Albert provides network security alerts for both traditional and advanced network threats, helping organizations identify malicious activity. This cost-effective Intrusion Detection System (IDS) uses open sourc...

CIS and the Elections Infrastructure ISAC have worked collaboratively with election officials and their teams to provide an election-focused cyber defense suite and "A Handbook for Elections Infrastructure Security" to help both technical and non-technical individuals assess, plan, and execute on pr...