CIS Benchmarks

Center for Internet Security Benchmarks

Indiana University has a subscription to the Center for Internet Security (CIS) Benchmarks program. IT Pros will find these benchmarks useful in improving the security of systems they maintain. With widespread use of the benchmarks, we'll improve the overall security posture at IU.

The CIS Benchmarks program is a consensus-based set of industry best practices that helps organizations assess and improve the security of their computer systems. CIS provides a number of resources such as configuration benchmarks, automated configuration assessment tools as well as security metrics and security software product certifications.

CIS Security Benchmarks program is an independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. The resources can be used to help meet compliance requirements for FISMA, PCI-DSS, HIPAA, and other relevant statutes or standards.


Any interested Indiana University employee may register for a user account on the CIS Benchmarks member community site. Employees who want to use the service must register individually for a personal account using their IU email address.

To Register, please go to the CIS register page and enter the requested information. Make sure you do NOT use your IU passphrase. Once you submit the information, you will receive a validation request and once completed, you will receive a notice of your log-in credentials for the member community site.

CIS Benchmarks Resources

You can manage your profile settings by clicking the ‘Profile’ link in the upper right hand corner of the community site. From there you can update your settings such as password, newsletter preference, and your privacy settings.

All member-only resources from PDFs to CIS-CAT to web webcasts can be found under the ‘Downloads’ tab. To Access the member-only resources, log into the community site and click ‘Downloads’.

You can, and are encouraged, to actively participate in member and community areas, such as the Benchmark Wish List, CIS-CAT Beta Testing, CIS-CAT Discussion and Member Site Feedback. From the community site, select ‘Profile’, ‘Options’, and ‘Manage Communities’.

To view the release dates for Benchmarks currently in consensus development, visit CIS Projects. Here you will find a list of active communities, start and projected end dates for each Benchmark consensus effort, Benchmark Team leader(s), open issues and how to get involved in a community.

To learn more about and download the CIS Consensus Metrics and Security Metrics Quick Start Guide, visit CIS Metrics. If you would like to participate in the security metrics initiative, you can join this active community.

To view a complete listing of security software companies that have been awarded CIS Certification and their CIS-Certified software tools, visit CIS Certified.

CIS-CAT is a host-based configuration assessment tool that gives a fast, detailed assessment of target systems' conformance to CIS Benchmarks. It includes both a command-line (CLI) and a graphical user interface (GUI). CIS-CAT is available from the "Downloads" tab.

The first year of membership in the CIS Benchmarks program has been jointly funded by the University Information Security Office (UISO) / University Information Policy Office (UIPO) and Clinical Affairs IT Services (CAITS).