CIS is a forward-thinking, nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our network monitoring solution (Albert) is a cost effective IDS providing alerts on network threats. CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continually refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for state, local, tribal and territorial government entities.


  • CIS Network Security Monitoring (Albert)
    • IDS monitoring solution providing automated alerting on both traditional and advanced network threats
    • In-depth review of alerts conducted by expert analysts through CIS’s 24x7 Security Operations
    • Highly cost effective service, leveraging open source IDS engine and commodity hardware
    • Outstanding customer service
    • Unique and SLTT focused signature set
    • Fully monitored and managed service
  • Penetration Testing
    • Network and web application penetration testing
    • Identification and exploitation of vulnerabilities for risk assignment
    • Reporting on vulnerabilities, risk, impact, location, recommendations, and references to mitigate in your environment
  • Security Assessment
    • Identification of pre-existing compromises and ensuring the effectiveness of security layers
    • Utilization of the CIS Enumeration and Scanning Program (CIS-ESP) and CIS Configuration Assessment Tool (CIS-CAT)
    • Review active directory, servers, workstations, patching policy, and backup solution
    • Assess firewall configurations, remote access methods, OS levels, wireless network configurations, and administration accounts
  • Phishing Engagements
    • Leverage technical and socio-psychological techniques to diagnose end user awareness
    • Craft unique and customize phishing email content, landing pages, login pages, or surveys
    • Option to add malicious attachments
    • Extensive report detailing what users clicked, how many times, overall organization percentages, and recommendations
  • CIS SecureSuite
    • Used by over 1,000 organizations worldwide, CIS SecureSuite Membership provides integrated cybersecurity resources to help businesses, nonprofits, governmental entities, and IT experts start secure and stay secure.
    • Access to CIS-CAT Pro, a robust system configuration and vulnerability assessment tool with assessor and dashboard components that correspond to CIS Benchmarks (see below)
    • CIS WorkBench, a community website for tech professionals to network, discuss technical concepts, collaborate on cybersecurity projects, and download CIS resources
    • Access to the CIS Controls library
    • PDF/Word/Excel/XML versions of the CIS Benchmarks
    • Remediation content for rapidly implementing CIS Benchmark
      recommendations and much more
      • CIS Benchmarks
        • Proven guidelines will enable you to safeguard operating systems, software and networks that are most vulnerable to cyber attacks. They are continually verified by a volunteer IT community to combat evolving cybersecurity challenges.
        • CIS Benchmarks help safeguard systems, software, and networks against today's evolving cyber threats. Developed by an international community of cybersecurity experts, the CIS Benchmarks are configuration guidelines for over 100 technologies and platforms.
      • CIS Controls
        • IT security leaders use CIS Controls to quickly establish the protections providing the highest payoff in their organizations. They guide IT professionals through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
        • The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every organization looking to improve its cybersecurity posture.