Center for Internet Security (CIS) Membership Benefits
srothman
Member Posts: 68 ■■■□□□□□□□
Hi,
I'm taking a long shot and asking if anyone here is a CIS member, and what tools and resources are made available once you join?
Here is some context;
We are busy building a competency in our organization that will focus primarily on getting assessments done against common frameworks and benchmarks such as NSF and CIS. One thing we are looking for is an assessment platform/tool/resource that will help us get assessments done against the CSC 20.
My question really being, I suppose: Will a membership with the CIS provide us with the necessary tooling to effectively perform this assessment? I've asked the people at CIS, but not getting a response, and also not really keen to get the opinion of someone on their own product.
Bonus question! Any other toolset that will help with such assessments (preferably not a massive Excel sheet we're using at the moment) that you can recommend?
TIA
I'm taking a long shot and asking if anyone here is a CIS member, and what tools and resources are made available once you join?
Here is some context;
We are busy building a competency in our organization that will focus primarily on getting assessments done against common frameworks and benchmarks such as NSF and CIS. One thing we are looking for is an assessment platform/tool/resource that will help us get assessments done against the CSC 20.
My question really being, I suppose: Will a membership with the CIS provide us with the necessary tooling to effectively perform this assessment? I've asked the people at CIS, but not getting a response, and also not really keen to get the opinion of someone on their own product.
Bonus question! Any other toolset that will help with such assessments (preferably not a massive Excel sheet we're using at the moment) that you can recommend?
TIA
Comments
Other than that, many vulnerability scanners have CIS-based templates baked in that can do the same checks. Tenable, Rapid 7, probably Qualys offer this ability to do the same sort of automated checks. I'd go that route before giving CIS money or using a spreadsheet.
Another option is to just role your own tooling. The CIS benchmarks are free to download in PDF format. You could write command line/bash scripts to perform the same checks right from the benchmarks. This is time consuming though.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
I believe membership covers a number of things - access to 24/7 SOC (if in US), CIS-RAM to check compliance etc. Check out the link below.
https://www.cisecurity.org/cybersecurity-tools/