CIS is a forward-thinking, nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our network monitoring solution (Albert) is a cost effective IDS providing alerts on network threats. CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continually refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for state, local, tribal and territorial government entities.


For more information on these products, please view the resources in the tab above.

  • CIS Network Security Monitoring (Albert)
    • IDS monitoring solution providing automated alerting on both traditional and advanced network threats
    • In-depth review of alerts conducted by expert analysts through CIS’s 24x7 Security Operations
    • Highly cost effective service, leveraging open source IDS engine and commodity hardware
    • Outstanding customer service
    • Unique and SLTT focused signature set
    • Fully monitored and managed service
  • Penetration Testing
    • Network and web application penetration testing
    • Identification and exploitation of vulnerabilities for risk assignment
    • Reporting on vulnerabilities, risk, impact, location, recommendations, and references to mitigate in your environment
  • Security Assessment
    • Identification of pre-existing compromises and ensuring the effectiveness of security layers
    • Utilization of the CIS Enumeration and Scanning Program (CIS-ESP) and CIS Configuration Assessment Tool (CIS-CAT)
    • Review active directory, servers, workstations, patching policy, and backup solution
    • Assess firewall configurations, remote access methods, OS levels, wireless network configurations, and administration accounts
  • Phishing Engagements
    • Leverage technical and socio-psychological techniques to diagnose end user awareness
    • Craft unique and customize phishing email content, landing pages, login pages, or surveys
    • Option to add malicious attachments
    • Extensive report detailing what users clicked, how many times, overall organization percentages, and recommendations
  • CIS SecureSuite
    • Used by over 1,000 organizations worldwide, CIS SecureSuite Membership provides integrated cybersecurity resources to help businesses, nonprofits, governmental entities, and IT experts start secure and stay secure.
    • Access to CIS-CAT Pro, a robust system configuration and vulnerability assessment tool with assessor and dashboard components that correspond to CIS Benchmarks (see below)
    • CIS WorkBench, a community website for tech professionals to network, discuss technical concepts, collaborate on cybersecurity projects, and download CIS resources
    • Access to the CIS Controls library
    • PDF/Word/Excel/XML versions of the CIS Benchmarks
    • Remediation content for rapidly implementing CIS Benchmark
      recommendations and much more
      • CIS Benchmarks
        • Proven guidelines will enable you to safeguard operating systems, software and networks that are most vulnerable to cyber attacks. They are continually verified by a volunteer IT community to combat evolving cybersecurity challenges.
        • CIS Benchmarks help safeguard systems, software, and networks against today's evolving cyber threats. Developed by an international community of cybersecurity experts, the CIS Benchmarks are configuration guidelines for over 100 technologies and platforms.
      • CIS Controls
        • IT security leaders use CIS Controls to quickly establish the protections providing the highest payoff in their organizations. They guide IT professionals through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
        • The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every organization looking to improve its cybersecurity posture.


GSA Schedule Contracts

GSA Schedule 70

GSA Schedule 70 GSA Schedule No. GS-35F-0119Y Term: December 20, 2011- December 19, 2021

State & Local Contracts

City of Seattle Contract

Contract #0000003265 Term: December 19, 2021


Contract # CMAS 3-12-70-2247E Term: through March 31, 2022

Ohio State Contract- 534354

Contract # 534354 Term: December 19, 2021


Contract Number: UVA1482501 Term: May 2, 2014– December 19, 2021



The Center for Internet Security (CIS), through the Multi-State Information Sharing & Analysis Center (MS-ISAC) offers network security monitoring services through a solution referred to as Albert.

The Center for Internet Security (CIS) offers both network and web application penetration testing services. These services simulate a real-world cyber attack, allowing organizations to safely review the security posture of their web applications and networking devices. Taking

Organizations are under constant attack, targeted by well-funded criminals and nation-state actors. These groups use sophisticated attacks that often go undetected by many standard signature-based defense mechanisms. Because of this, organizations are often compromised for long periods of time—in ...

Despite the most sophisticated plans to protect network infrastructure and company data, no organization can predict every employee’s cybersecurity education level or previous experiences. Phishing is a user-centric attack technique that combines technical and socio-psychological techniques to enc...

Used by over 1,000 businesses and government entities worldwide to defend against cyber attacks, CIS SecureSuite Membership provides users access to a host of integrated cybersecurity resources.