 
Security Task Force

The Center for Internet Security Membership Discount

Colleges and universities that are EDUCAUSE Institutional Members receive a 50 percent discount on the fee they pay to become members of the Center for Internet Security (CIS). The CIS Category 3 membership fee (for end-user organizations that have 100 or more employees) is $9,000 per year; however, the annual CIS membership fee for institutional members of EDUCAUSE is discounted to $4,500. The discount is a benefit of the partnership between the Center for Internet Security and EDUCAUSE.

For more information about the discounted membership available to EDUCAUSE Institutional Members, please visit the CIS Web site.

Purpose of the Partnership

Through our partnership, EDUCAUSE and CIS seek to:

  • Encourage adoption of widely accepted consensus standards (the CIS benchmarks) for system security configuration in colleges and universities.
  • Expand participation in the CIS consensus development process by security specialists at EDUCAUSE member institutions to ensure that needs unique to colleges and universities are met.
  • Establish baseline standards for security configuration that can be presented to software vendors and hardware suppliers as default security configurations for systems that colleges and universities purchase.
  • Provide configuration standards that buyers can use when requiring application software developers and vendors to demonstrate full application functionality on hardened (configured) software platforms.

About the Center for Internet Security (CIS)

The members of CIS are an international group of security professionals from public and private organizations who are collaborating to develop consensus security-configuration benchmarks for the most widely used operating systems, software applications, and network devices.

The benchmarks are widely accepted, user-originated standards for minimum due care and best-practice security configuration. They are developed and kept up-to-date via a consensus process involving thousands of security specialists from end-user and consulting organizations worldwide.

CIS scoring tools provide a quick and easy way to evaluate the level of a system's security by comparing its current configuration to the consensus benchmarks. Scoring tool reports guide users in securing both new installations and production systems and can be used to monitor systems' conformity with the benchmark configurations.

CIS distributes the benchmarks and scoring tools to all users free of charge; however, their use in large organizations is limited because the CIS Terms of Use restrict their redistribution. Members of CIS have the unrestricted right to distribute the benchmarks and scoring tools throughout their organizations.

For more information, visit the CIS Web site, where you can also find details about the benefits of CIS membership.

Resources Recommended by CIS

Using CIS Configuration Benchmarks in Higher Ed Environments, a presentation by Randy Marchany (Virginia Tech) and John Banghart (the Center for Internet Security) at the Security Professionals Conference 2005 that describes how to use the CIS tools to assess and measurably improve the security configuration status of college and university IT systems and networks.

Information Assurance Newsletter (Volume 5, Number 3, 2002) contains three articles that describe the CIS consensus benchmarks and summarize research conducted by the National Security Agency, which demonstrates that the benchmark for Windows blocks more than 90 percent of known vulnerabilities in the operating system.

HunTel.net of Nebraska is a well-documented case study of the degree to which configuring an ISP's Web servers according to the consensus benchmarks dramatically improved their security configuration and reduced their risk from known vulnerabilities. This case study is an effective how-to process model and a real-world example rather than a research report.

Case Study in Business Information Security (a PowerPoint presentation, delivered at an AICPA conference) is similar to the HunTel.net case study, except that it is much more extensive and deals with a large financial institution.


 
© Copyright 1999-2008 EDUCAUSE