The Center for Internet Security (CIS) is a nonprofit organization dedicated to making the connected world a safer place for people, businesses, and governments. Its mission is to identify, develop, validate, promote, and sustain best practice solutions for cyber defense. CIS leads a global community of IT professionals to continuously evolve its standards and provides products and services to proactively safeguard against emerging threats.
CIS is globally recognized for its CIS Controls® and CIS Benchmarks™, which are considered best practices for securing IT systems and data. The organization is known for its collaborative, community-driven approach, bringing together experts from academia, government, and the private sector to develop and maintain its security guidelines. This collaborative effort has established CIS as a trusted resource for cyber threat prevention, protection, response, and recovery. CIS is also home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), a vital resource for U.S. State, Local, Tribal, and Territorial government entities.
Offerings, Capabilities, and Integrations
The Center for Internet Security (CIS) provides a comprehensive set of cybersecurity best practices and tools that are globally recognized. Its offerings are developed through a consensus-based process, bringing together a global community of cybersecurity experts from government, industry, and academia. This collaborative approach ensures the resources are practical, relevant, and address emerging cyber threats. The core of its offerings, the CIS Controls and CIS Benchmarks, provide prioritized and prescriptive guidance to help organizations of all sizes strengthen their cybersecurity posture. A key competitive advantage for the Center for Internet Security is that its benchmarks and controls map to many major regulatory and security frameworks, such as NIST, PCI DSS, HIPAA, and ISO 27001, which helps organizations meet compliance requirements. This focus on actionable and consensus-driven guidance has established the Center for Internet Security as a trusted and authoritative source for cybersecurity best practices.
Products and Services
- CIS Controls: This is a flagship offering of the Center for Internet Security. The CIS Controls are a prioritized set of 18 foundational and advanced cybersecurity best practices. They provide a clear roadmap for organizations to defend against common cyber-attack vectors.
- CIS Benchmarks: Another flagship product, the CIS Benchmarks are detailed, vendor-specific configuration guidelines for a wide range of technologies. With over 100 benchmarks covering more than 25 product families, these guides provide prescriptive steps to securely configure operating systems, cloud services, network devices, and more.
- CIS SecureSuite Membership: This membership provides organizations with access to a suite of tools and resources to help implement the CIS Controls and CIS Benchmarks. Members receive access to tools like CIS-CAT Pro, which automates the process of checking system configurations against the CIS Benchmarks, and CIS Build Kits, which are templates for securely configuring systems.
- CIS Hardened Images: These are securely configured virtual machine images that comply with CIS Benchmarks. Available on major cloud marketplaces like AWS, Azure, and Google Cloud, they provide a secure baseline for deploying applications in the cloud.
- Multi-State Information Sharing and Analysis Center (MS-ISAC): Operated by CIS, the MS-ISAC is a central resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities.
- Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC): Also operated by CIS, the EI-ISAC is dedicated to improving the cybersecurity posture of election offices across the United States.
- CIS CyberMarket: This is a procurement program that offers cost-effective cybersecurity tools and services to U.S. SLTT governments, nonprofit organizations, and public education and health institutions.
Target Customers
The Center for Internet Security serves a broad range of customers across various sectors. Its target customers include private and public sector organizations of all sizes, from small businesses to large enterprises. Specific market segments that are key targets for the Center for Internet Security include government agencies at the federal, state, and local levels, as well as academic institutions. Heavily regulated industries such as healthcare and financial services also represent a significant portion of its customer base, as these organizations can leverage CIS resources to help meet their compliance obligations with regulations like HIPAA and PCI DSS. These target customers benefit from the Center for Internet Security’s products and services by gaining access to a prioritized, consensus-based set of cybersecurity best practices that help them reduce their attack surface, achieve regulatory compliance, and improve their overall security posture.
Cloud Integrations and Marketplaces
Center for Internet Security (CIS) offers its CIS Hardened Images on the major cloud marketplaces. These are virtual machine images that are pre-configured to meet the security recommendations of the CIS Benchmarks. Using these images helps organizations deploy secure instances based on industry best practices.
- Amazon Web Services (AWS) Marketplace: Center for Internet Security provides CIS Hardened Images on the AWS Marketplace. These images are designed to help cloud users meet their security responsibilities under the AWS Shared Responsibility Model. The offerings are available in the commercial AWS Marketplace, AWS GovCloud (US), and the AWS Marketplace for the U.S. Intelligence Community. Center for Internet Security is an AWS Independent Software Vendor (ISV) partner.
- Microsoft Azure Marketplace: Center for Internet Security lists CIS Hardened Images on the Microsoft Azure Marketplace. These images are certified by Microsoft to run on Azure and have been pre-tested for compatibility. The images are also available on Azure Government. Center for Internet Security and Microsoft partnered to develop the CIS Microsoft Azure Platform Foundations Benchmark.
- Google Cloud Marketplace: Center for Internet Security makes CIS Hardened Images available on the Google Cloud Marketplace. These images, built on Google’s Shielded VM technology, are preconfigured to the security baselines prescribed by the corresponding CIS Benchmark. The images support various operating systems, including Windows and Linux distributions.
Key People
- President and Chief Executive Officer: John M. Gilligan
- Chief Operating Officer: Gina Chapman
- Executive VP and General Manager of Sales & Business Services: Alan Stoddard
- Chief Financial Officer: Albert Szesnat
- Chief Information Officer: Angelo Marcotullio
- Chief Human Resources Officer: Carolyn Comer
- Executive Vice President and General Manager, Security Best Practices: Curtis W. Dukes
- Executive Director – Program for Countering Hybrid Threats: John Cohen
- Executive Director, Cybersecurity Services Organization: Lee Noriega
- General Counsel and Chief Legal Officer: Lisa Greene
- Senior VP & Chief Engineer: Marcus H. Sachs
- Chief Information Security Officer: Sean Atkinson
Key Facts
- Headquarters: East Greenbush, New York.
- Number of Employees: 400-500.
- Annual Revenue: $133 Million.
- Parent Company: None.
- Subsidiary Companies: None.
- Publicly Listed: No.
Analyst Recognition
Based on publicly available information, the Center for Internet Security is not formally included in market analysis reports by Gartner, Forrester, IDC, or Everest Group. These analyst firms typically evaluate commercial vendors of technology products and services, whereas the Center for Internet Security is a non-profit organization focused on providing cybersecurity best practices.
