Center for Internet Security, Inc. (CIS) Solutions for the Public Sector

Trusted worldwide by security-conscious organizations, CIS Hardened Images® provide pre-configured virtual machine (VM) images built to the globally recognized CIS Benchmarks™. 

Available in major cloud marketplaces, CIS Hardened Images simplify the challenge of configuring secure operating systems and applications. These images deliver a secure foundation for cloud workloads—helping government, education, and enterprise organizations reduce risk while accelerating time to deployment.

Why Organizations Choose CIS Hardened Images: 

• Secure by Default – Built to align with CIS Benchmarks™, trusted globally and mapped to key compliance frameworks including NIST, HIPAA, PCI DSS, and FedRAMP.
• Accelerated Deployments – Launch secure virtual machines in minutes with pre-hardened images, eliminating the need for manual configuration and saving valuable time.
• Continuously Maintained – Updated regularly by CIS to address emerging vulnerabilities and evolving threat landscapes.
• Cloud-Agnostic Availability – Available across major cloud platforms including AWS, Azure, Google Cloud, and Oracle Cloud.
• Compliance-Ready – Supports faster alignment with regulatory requirements and internal security policies through standardized, benchmark-based configurations. Why It Matters: Even the most skilled teams face challenges with consistency, time, and evolving threats. Building secure images in-house requires ongoing patching, testing, and validation — tasks that can consume resources and introduce human error. CIS Hardened Images remove that uncertainty and provide a trusted, expert-built baseline of configurations with every deployment.    With CIS Hardened Images, organizations strengthen defenses, meet compliance requirements faster, and simplify secure cloud deployments.

• Cost-effective intrusion detection system (IDS) providing automated alerting on both traditional and advanced network threats
• In-depth review of alerts conducted by expert analysts through CIS’s 24x7x365 Security Operations Center (SOC)
• Consolidated, actionable insights and monthly reporting from expert analysts with industry-leading response times.
• Unique SLTT-focused and targeted signature set
• Turnkey solution incorporating 24x7x365 monitoring and management
• Available for both on-premises and cloud environments (AWS and Azure)

• Fully managed, premium endpoint security solution as a service that includes: 
  • Next Generation Antivirus (NGAV)
  • Endpoint Detection and Response (EDR)
  • USB device monitoring
  • Host-based firewall management
  • Advanced Capabilities in GovCloud includes:
    • Asset and application inventory
    • User account monitoring
  • Advanced Capabilities in commercial cloud includes:
    • Application allowlisting and blocklisting
    • Advanced ransomware protection
    • Data loss prevention
• Device-level protection and response is available in both GovCloud (powered by CrowdStrike) and commercial cloud (powered by Sophos) with value-added support and service from CIS.
• Deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts
• 24x7x365 monitoring and management by CIS Security Operations Center (SOC), providing expert human analysis of malicious activity and escalating actionable threats
• Incident response and remote digital forensics support provided by CIS Cyber Incident Response Team (CIRT)

• Cost-effective log and security event monitoring of devices for malicious or anomalous activity including, but not limited to, IDS/IPS, firewalls, switches and routers, servers, endpoints, and web proxies
• Event analysis performed by expert human analysts in the 24x7x365 CIS SOC using the largest cyber threat database specifically for SLTTs
• Analysts eliminate false positives, escalate actionable items to organizations, provide support regarding alerts or notifications received, and deliver comprehensive monthly activity reports
• Users gain visibility into security events, log data, and on-demand reporting through an online portal powered by Accenture

• Network and web application penetration testing utilizing both automated tools and manual techniques
• Identification and exploitation of vulnerabilities through a simulated real-world cyber-attack for risk assignment
• In-depth reporting on vulnerabilities, risk, impact, location, recommendations, and references to mitigate in your environment

• Both network and web application vulnerability assessments available.
• Cost-effective solution to proactively identify and remediate potential attack vectors
• Assessments include network or application discovery and mapping, asset prioritization, manual vulnerability verification, vulnerability assessment reporting, remediation tracking according to business risk, and remediation support
• Available as either single or regularly recurring (quarterly or monthly) assessments

• Leverage technical and socio-psychological techniques to diagnose end user awareness
• Craft unique and customized phishing email content, links and attachments, landing pages, forms to capture user credentials, and personalized content for each target user
• Extensive report detailing assessment’s goals, theory, attack method, concluded results, statistics, campaign effectiveness and conclusions, and recommendations

• Trusted by over 2,500 organizations worldwide, CIS SecureSuite® Membership delivers integrated, battle-tested cybersecurity resources that empower businesses, nonprofits, government agencies, and IT professionals to start secure and stay secure.
• Members gain exclusive access to advanced tools and expert-driven content designed to accelerate the adoption of security best practices — from policy development to hands-on implementation.  Why Organizations Choose CIS SecureSuite® Membership
• Comprehensive Security Resources: 
• CIS Benchmarks™: Access 100+ consensus-developed secure configuration guidelines in multiple formats, covering 25+ major vendor product families. These proven benchmarks harden operating systems, servers, cloud platforms, and more.
• CIS-CAT® Pro: Automatically assess system configurations against CIS Benchmarks and track compliance over time, ensuring continuous alignment with best practices.
• CIS Build Kits™: Deploy ready-to-use automated scripts and templates to remediate vulnerabilities at scale and enforce benchmark recommendations consistently across your environment.
• CIS CSAT® Pro: Measure and manage your organization’s implementation of the CIS Critical Security Controls®, with tools for tracking progress and identifying gaps.
• CIS WorkBench: Collaborate with a global community of security practitioners, customize benchmark recommendations to fit your policies, and gain streamlined access to all member resources.  Recognized Industry Standards 
• CIS Benchmarks™ are recognized worldwide as the gold standard for secure configuration, supporting compliance with PCI DSS, DoD STIGs, FISMA, FedRAMP, and more.
• CIS Critical Security Controls® (CIS Controls) provide a clear, prioritized roadmap for reducing risk and aligning with frameworks such as NIST, CMMC, HIPAA, and PCI DSS.  The Secure Advantage with CIS SecureSuite® Membership: 
• Strengthen defenses against evolving cyber threats.
• Accelerate compliance with key regulatory and industry requirements.
• Reduce complexity by unifying trusted tools, proven frameworks, and a global community of experts.
• Scale security efficiently across diverse IT environments.

• MDBR+ is a quick-to-configure and easy-to-deploy cloud-based protective domain name system (PDNS) service that's available to U.S. State, Local, Tribal and Territorial (SLTT) government organizations and private hospitals. 
• Cloud-based Management Portal: Offers security teams full access to a cloud-based management portal, enabling management and custom configuration from any location at any time. 
• Enhanced Reporting and Visibility: Gives you instant access to real-time reports on blocked activity for every user on your network, allowing for more informed security decisions. 
• Custom Configurations: Puts your organization in the driver's seat of your own web security with the ability to create AUPs, allow/deny lists, and error pages tailored to your unique security needs. 
• Off-network Protection: Even your off-network devices can be protected with the secure PDNS service through an easy-to-deploy lightweight client that can be installed on your organization's devices to protect laptops or mobile devices wherever they connect to the internet.