Overview

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.

Products

For more information on these products, please view the resources in the tab above.

  • CIS Network Security Monitoring (Albert)
    • IDS monitoring solution providing automated alerting on both traditional and advanced network threats
    • In-depth review of alerts conducted by expert analysts through CIS’s 24x7 Security Operations
    • Highly cost effective service, leveraging open source IDS engine and commodity hardware
    • Outstanding customer service
    • Unique and SLTT focused signature set
    • Fully monitored and managed service
  • Penetration Testing
    • Network and web application penetration testing
    • Identification and exploitation of vulnerabilities for risk assignment
    • Reporting on vulnerabilities, risk, impact, location, recommendations, and references to mitigate in your environment
  • Security Assessment
    • Identification of pre-existing compromises and ensuring the effectiveness of security layers
    • Utilization of the CIS Enumeration and Scanning Program (CIS-ESP) and CIS Configuration Assessment Tool (CIS-CAT)
    • Review active directory, servers, workstations, patching policy, and backup solution
    • Assess firewall configurations, remote access methods, OS levels, wireless network configurations, and administration accounts
  • Phishing Engagements
    • Leverage technical and socio-psychological techniques to diagnose end user awareness
    • Craft unique and customize phishing email content, landing pages, login pages, or surveys
    • Option to add malicious attachments
    • Extensive report detailing what users clicked, how many times, overall organization percentages, and recommendations
  • CIS SecureSuite
    • Used by over 1,700 organizations worldwide, CIS SecureSuite® Membership provides integrated cybersecurity resources to help businesses, nonprofits, governmental entities, and IT experts start secure and stay secure.
    • Access to CIS-CAT Pro, a robust system configuration and vulnerability assessment tool with assessor and dashboard components that correspond to CIS Benchmarks (see below)
    • CIS WorkBench, a community website for tech professionals to network, discuss technical concepts, collaborate on cybersecurity projects, and download CIS resources
    • Access to the CIS Controls library
    • PDF/Word/Excel/XML versions of the CIS Benchmarks
    • Remediation content for rapidly implementing CIS Benchmark
      recommendations and much more
      • CIS Benchmarks
        • Proven guidelines will enable you to safeguard operating systems, software and networks that are most vulnerable to cyber attacks. They are continually verified by a volunteer IT community to combat evolving cybersecurity challenges.
        • CIS Benchmarks help safeguard systems, software, and networks against today's evolving cyber threats. Developed by an international community of cybersecurity experts, the CIS Benchmarks are configuration guidelines for over 100 technologies and platforms.
      • CIS Controls
        • IT security leaders use CIS Controls to quickly establish the protections providing the highest payoff in their organizations. They guide IT professionals through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
        • The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every organization looking to improve its cybersecurity posture.

Contracts

GSA Schedule Contracts

GSA Schedule 70

GSA Schedule 70 GSA Schedule No. GS-35F-0119Y Term: December 20, 2011- December 19, 2021


State & Local Contracts

City of Seattle Contract

Contract #0000003265 Term: December 19, 2021

CMAS

Contract # CMAS 3-12-70-2247E Term: through March 31, 2022

Ohio State Contract- 534354

Contract # 534354 Term: December 19, 2021

VASCUPP

Contract Number: UVA1482501 Term: May 2, 2014– December 19, 2021


Events

Archived Events

Resources

SELECT Resource_ID, Title, Vendor, Vertical, Type, DateAdded, Path, Linktype, InvisibleBit, FeaturedEnd, FeaturedBit, Description, CustomLogo, LegacyLink, Form FROM Resources WHERE Vendor = ? AND InvisibleBit = 0 ORDER BY FeaturedBit DESC, Type ASC

Featured

Albert is a unique network monitoring solution that provides automated alerts on both traditional and advanced network threats. Albert is a cost-effective IDS monitoring solution with a unique, SLTT-focused signature set that is monitored by a 24x7 Security Operations Center (SOC).

How cybersecurity and elections intersect and why it matters. To enable the elections that define democracy, we must protect the security and reliability of elections infrastructure. Through a best practices approach, we aim to help organizations involved in elections better understand what to focus...

CIS® (Center for Internet Security, Inc.) offers both network and web application penetration testing services. These services simulate a real-world cyber attack, allowing organizations to safely review the security posture of their web applications and networking devices.

Organizations are under constant attack, targeted by well-funded criminals and nation-state actors. These groups use sophisticated attacks that often go undetected by many standard signature-based defense mechanisms. Because of this, organizations are often compromised for long periods of time—in ...

Despite the most sophisticated plans to protect network infrastructure and company data, no organization can predict every employee’s cybersecurity education level or previous experiences. Phishing is a user-centric attack technique that combines technical and socio-psychological techniques to enc...

CIS_Master_Logo_N0_BG_RGB_R.PNG
Resources
Used by over 1,700 businesses and government entities worldwide to defend against cyber attacks, CIS SecureSuite Membership provides users access to a host of integrated cybersecurity resources.

CIS offers network security monitoring services through a solution referred to as Albert. Albert provides network security alerts for both traditional and advanced network threats, helping organizations identify malicious activity. This cost-effective Intrusion Detection System (IDS) uses open sourc...

CIS and the Elections Infrastructure ISAC have worked collaboratively with election officials and their teams to provide an election-focused cyber defense suite and "A Handbook for Elections Infrastructure Security" to help both technical and non-technical individuals assess, plan, and execute on pr...