Overview

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls® and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images® are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.

Products

For more information on these products, please view the resources in the tab above.

  • CIS Hardened Images®
    • CIS Hardened Images are securely pre-configured virtual machine images hardened according to the globally recognized security configuration recommendations of the CIS Benchmarks to the cloud. They provide a secure, on-demand and scalable computing environment.
    • More secure than a standard image, hardened virtual images reduce system vulnerabilities to help protect against denial of service, unauthorized data access, and other cyber threats.
    • Each CIS Hardened Image includes a report showing conformance to the applicable CIS Benchmark.
    • Offered for seven different virtual machine versions of Linux: Amazon, CentOS, Debian, Oracle, Red Hat, SUSE and Ubuntu - as well as Microsoft Windows Server.
    • Available to spin up immediately from AWS Marketplace including AWS GovCloud (US) region and AWS for the IC, Azure Marketplace including Azure Government, and Google Cloud Platform.
  • CIS Network Security Monitoring (Albert)
    • IDS monitoring solution providing automated alerting on both traditional and advanced network threats
    • In-depth review of alerts conducted by expert analysts through CIS’s 24x7 Security Operations
    • Highly cost effective service, leveraging open source IDS engine and commodity hardware
    • Outstanding customer service
    • Unique and SLTT focused signature set
    • Fully monitored and managed service
  • Penetration Testing
    • Network and web application penetration testing
    • Identification and exploitation of vulnerabilities for risk assignment
    • Reporting on vulnerabilities, risk, impact, location, recommendations, and references to mitigate in your environment
  • Security Assessment
    • Identification of pre-existing compromises and ensuring the effectiveness of security layers
    • Utilization of the CIS Enumeration and Scanning Program (CIS-ESP) and CIS Configuration Assessment Tool (CIS-CAT)
    • Review active directory, servers, workstations, patching policy, and backup solution
    • Assess firewall configurations, remote access methods, OS levels, wireless network configurations, and administration accounts
  • Phishing Engagements
    • Leverage technical and socio-psychological techniques to diagnose end user awareness
    • Craft unique and customize phishing email content, landing pages, login pages, or surveys
    • Option to add malicious attachments
    • Extensive report detailing what users clicked, how many times, overall organization percentages, and recommendations
  • CIS SecureSuite
    • Used by over 1,700 organizations worldwide, CIS SecureSuite® Membership provides integrated cybersecurity resources to help businesses, nonprofits, governmental entities, and IT experts start secure and stay secure.
    • Access to CIS-CAT® Pro, a robust system configuration and vulnerability assessment tool with assessor and dashboard components that correspond to CIS Benchmarks (see below)
    • CIS WorkBench, a community website for tech professionals to network, discuss technical concepts, collaborate on cybersecurity projects, and download CIS resources
    • Access to the CIS Controls® library
    • PDF/Word/Excel/XML versions of the CIS Benchmarks™
    • Remediation content for rapidly implementing CIS Benchmark™
      recommendations and much more
      • CIS Benchmarks™
        • Proven guidelines will enable you to safeguard operating systems, software and networks that are most vulnerable to cyber attacks. They are continually verified by a volunteer IT community to combat evolving cybersecurity challenges.
        • CIS Benchmarks™ help safeguard systems, software, and networks against today's evolving cyber threats. Developed by an international community of cybersecurity experts, the CIS Benchmarks™ are configuration guidelines for over 100 technologies and platforms.
      • CIS Controls®
        • IT security leaders use CIS Controls® to quickly establish the protections providing the highest payoff in their organizations. They guide IT professionals through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
        • The CIS Controls® are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls® are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every organization looking to improve its cybersecurity posture.

Upcoming Events

Contracts

GSA Schedule Contracts

GSA Schedule 70

GSA Schedule 70 GSA Schedule No. GS-35F-0119Y Term: December 20, 2011- December 19, 2021


State & Local Contracts

City of Seattle Contract

Contract #0000003265 Term: December 19, 2021

CMAS

Contract # CMAS 3-12-70-2247E Term: through March 31, 2022

VASCUPP

Contract Number: UVA1482501 Term: May 2, 2014– December 19, 2021


Resources

SELECT Resource_ID, Title, Vendor, Vertical, Type, DateAdded, Path, Linktype, InvisibleBit, FeaturedEnd, FeaturedBit, Description, CustomLogo, LegacyLink, Form FROM Resources WHERE Vendor = ? AND InvisibleBit = 0 ORDER BY FeaturedBit DESC, Type ASC

Featured

Albert is a unique network monitoring solution that provides automated alerts on both traditional and advanced network threats. Albert is a cost-effective IDS monitoring solution with a unique, SLTT-focused signature set that is monitored by a 24x7 Security Operations Center (SOC).

How cybersecurity and elections intersect and why it matters. To enable the elections that define democracy, we must protect the security and reliability of elections infrastructure. Through a best practices approach, we aim to help organizations involved in elections better understand what to focus...

CIS® (Center for Internet Security, Inc.) offers both network and web application penetration testing services. These services simulate a real-world cyber attack, allowing organizations to safely review the security posture of their web applications and networking devices.

Organizations are under constant attack, targeted by well-funded criminals and nation-state actors. These groups use sophisticated attacks that often go undetected by many standard signature-based defense mechanisms. Because of this, organizations are often compromised for long periods of time—in ...

Despite the most sophisticated plans to protect network infrastructure and company data, no organization can predict every employee’s cybersecurity education level or previous experiences. Phishing is a user-centric attack technique that combines technical and socio-psychological techniques to enc...

CIS_Master_Logo_N0_BG_RGB_R.PNG
Resources
Used by over 1,700 businesses and government entities worldwide to defend against cyber attacks, CIS SecureSuite Membership provides users access to a host of integrated cybersecurity resources.

As server workloads are increasingly deployed on public cloud platforms, organizations are experiencing a range of security and compliance challenges, including attempted exploits. Hardening servers based on accepted industry benchmarks is a cybersecurity best practice that reduces vulnerabilities.

CIS Hardened Images are securely preconfigured virtual machine images hardened according to the globally recognized security configuration recommendations of the CIS Benchmarks to the cloud. Learn more about the benefits of using CIS Hardened Images.

CIS offers network security monitoring services through a solution referred to as Albert. Albert provides network security alerts for both traditional and advanced network threats, helping organizations identify malicious activity. This cost-effective Intrusion Detection System (IDS) uses open sourc...

CIS and the Elections Infrastructure ISAC have worked collaboratively with election officials and their teams to provide an election-focused cyber defense suite and "A Handbook for Elections Infrastructure Security" to help both technical and non-technical individuals assess, plan, and execute on pr...