CIS Workbench Terms of Use

Click here to scroll to SLTT specific terms.


CIS Workbench Community Website

The following are the terms and conditions (the “Terms of Use”) applicable to use of the CIS Workbench Community Website (the "Site"). The Site is used by both volunteer Contributors (as defined herein) assisting with the development and maintenance of the CIS Benchmarks and CIS Controls, and by CIS SecureSuite Members using the Site to access CIS SecureSuite products and services. Please read these Terms of Use carefully and determine which provisions apply to your use of the Site. By registering for or accessing the Site, you agree to be bound by the Terms of Use set forth herein. If you do not agree with the Terms of Use, please do not access the Site.

Throughout the Terms of Use, the terms "we", "us", "our" and "CIS" refer to the Center for Internet Security, Inc. ("CIS") and the term "you" means any visitor to or participant on the Site.

1. Purpose

The Site is operated by CIS, a nonprofit enterprise whose mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.”

The purpose of the Site is to develop user originated, consensus-based security resources that will be owned and managed by CIS in accordance with the above stated mission, as well as to provide CIS SecureSuite Members with access to SecureSuite products and services.

2. Registration

As a condition to using the Site, you may be required to register with CIS, select a password and provide a working e-mail address. You may not (a) select or use a profile name, e-mail address, or name of another person with the intent to impersonate that person; or (b) use as a profile name a name subject to any rights of a person other than yourself without appropriate authorization. CIS reserves the right to refuse registration of, or to cancel, an account at its sole discretion. You shall be responsible for maintaining the confidentiality of your password. You are solely responsible for any use of or action taken under your password and accept full responsibility for all activity conducted through your account and agree to and hereby release CIS from any and all liability concerning such activity. You agree to notify CIS immediately of any actual or suspected loss, theft, or unauthorized use of your account or password. Only persons who are 18 years of age or older may register for and use the Site; provided, however, that if you are between the ages of 14-17, you may only register for the Site with the express permission of your parent or legal guardian. By registering for an account for or using the Site, you represent and warrant that you (1) are at least the age of 18, or (2) are over the age of 13 and have the express permission of a parent or legal guardian to register for and use the Site, and you further agree to abide by all of the terms and conditions of these Terms of Use.

3. General Site Use Restrictions

You are responsible for all of your activity in connection with the Site. Any fraudulent, abusive, or otherwise illegal activity or any use of the Site in violation of these Terms of Use may be grounds for termination of your access to the Site. You may not post or transmit to or from, or cause to be posted or transmitted to or from, the Site any communication or solicitation designed or intended to obtain password, account, personal or private, or business-related information from any user. Use of the Site to violate the security of any computer network or system, crack passwords or security encryption codes, transfer or store illegal or inappropriate material including that deemed threatening or obscene, or engage in any kind of illegal activity, is expressly prohibited. Under no circumstances will you use the Site to (a) send unsolicited e-mails, bulk mail, spam or other materials to users of the Site or any other individual, (b) harass, threaten, stalk or abuse any person or party, including other users of the Site, (c) create a false identity or impersonate another person, (d) knowingly post any false, inaccurate or incomplete material, or (e) post, use or transmit any content that you do not have the right to post, use or transmit, i.e., under any intellectual property, confidentiality, privacy or other applicable law or agreement.

4. Third Party Websites

Users of the Site may gain access from the Site to third party sites on the Internet through hypertext or other computer links. Third party sites are not within the supervision or control of CIS. Unless explicitly otherwise provided, CIS makes no representation or warranty whatsoever about any third-party site that is linked to the Site, and CIS does not endorse the products or services offered on any such site. CIS disclaims: (a) all responsibility and liability for content on any third-party websites and (b) any representations or warranties as to the security of any information (including, without limitation, credit card and other personal information) you might be requested to give any third party, and you hereby irrevocably waive any claim against CIS with respect to any such sites and third-party content.

5. Location of the Site

The Site is offered and maintained by CIS from its facilities in the United States of America. If you are registering for, accessing or using the Site from other jurisdictions, you do so at your sole risk and are responsible for compliance with applicable law. CIS makes no representation that the Site is appropriate or available for use in any location.

6. Changes to the Terms of Use

From time to time, CIS may change, remove from, add to or otherwise modify these Terms of Use, and reserves the right to do so in its sole discretion. We encourage you to periodically review the Terms of Use. Notwithstanding the foregoing, no modification to the Terms of Use will apply to any dispute between you and CIS that arose prior to the effective date of any modification. If you do not agree with any modification to the Terms of Use, you must cease use of the Site. Your continued use of the Site after new and/or revised Terms are effective will indicate that you have read, understood and agreed to those Terms.

7. DISCLAIMER OF WARRANTIES

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CIS OFFERS THE SITE AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE SITE, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. CIS DOES NOT WARRANT THAT THE FUNCTIONS OR CONTENT CONTAINED ON THE SITE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT ITS SERVERS ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. CIS DOES NOT WARRANT OR MAKE ANY REPRESENTATION REGARDING USE OR THE RESULT OF USE OF THE CONTENT IN TERMS OF ACCURACY, RELIABILITY, OR OTHERWISE.

8. LIMITATION OF LIABILITY

IN NO EVENT WILL CIS, ITS EMPLOYEES, OFFICERS, DIRECTORS, AFFILIATES OR AGENTS ("THE CIS PARTIES") BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY INCIDENTAL, DIRECT, INDIRECT, PUNITIVE, ACTUAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR OTHER DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR INCOME, LOST PROFITS, PAIN AND SUFFERING, EMOTIONAL DISTRESS, COST OF SUBSTITUTE GOODS OR SERVICES, OR SIMILAR DAMAGES SUFFERED OR INCURRED BY YOU OR ANY THIRD PARTY THAT ARISE IN CONNECTION WITH THE SITE (OR THE TERMINATION OF USE THEREOF FOR ANY REASON), EVEN IF THE CIS PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE CIS PARTIES SHALL NOT BE RESPONSIBLE OR LIABLE WHATSOEVER IN ANY MANNER FOR ANY CONTENT POSTED ON THE SITE (INCLUDING CLAIMS OF INFRINGEMENT RELATING TO CONTENT POSTED ON THE SITE), FOR YOUR USE OF THE SITE, OR FOR THE CONDUCT OF THIRD PARTIES ON OR OTHERWISE RELATING TO THE SITE.

9. Indemnification

You agree to indemnify, defend, and hold the CIS Parties harmless from and against any claims, demands, suits, actions, losses, damages or liabilities, and the associated costs and expenses (including reasonable attorneys’ fees) incurred by any of them arising out of or in any way related (directly or indirectly) to your use of the Site or your violation of these Terms of Use.

10. Jurisdiction

You acknowledge and agree that: (1) these Terms of Use will be governed by and construed in accordance with the laws of the State of New York, without regard for conflicts of law principles; (2) any action at law or in equity arising out of or relating to these Terms of Use shall be filed only in the courts located in the State of New York; and (3) you hereby consent and submit to the personal jurisdiction of such courts for the purposes of litigating any such action.

11. Additional Terms Applicable to Contributions

11.1 General Policy

By submitting a Contribution as defined in section ##11.3 below, each person actually submitting the Contribution individually and/or on behalf of a co-Contributor(s) (individually and collectively, a “Contributor”) hereby acknowledges that: he/she has read and understood each provision of these Terms of Use; he/she agrees to comply with the terms and conditions set forth in these Terms of Use; and no further acknowledgment, signature or other action is required to bind a Contributor or co-Contributor to these Terms of Use.

11.2 Intellectual Property Rights

All text, images, and other materials on the Site are either the intellectual property of CIS or are included with the permission of the relevant owner.

11.3 Rights Granted by Contributors to CIS

In support of the above described Purpose, any data, questions, comments, suggestions, ideas, artwork, inventions, flowcharts, developments, concepts, or the like ("Contributions") that you transmit or post to the Site means that you are hereby granting: 1. Other users of the Site rights to reproduce Contributions under Creative Commons Attribution-Noncommercial license (found at http://creativecommons.org/licenses/by-nc/3.0); and 2. CIS a perpetual, irrevocable, non-exclusive, royalty-free, world-wide, sublicensable right and license under all such copyrights, trademark and/or service mark protection and other rights in the Contributions to use, reproduce, prepare derivative works of, sublicense and distribute Contributions and any derivative work made thereof, including the right to reproduce any trademarks, service marks or trade names included in the Contributions and derivative works thereof. If there are any conditions applicable to CIS relative to the use of the trademark, Contributor shall clearly specify such conditions. For purposes of these Terms of Use, any personal information, user profile attribute, Contributor account activity or other related non-personal information provided by a Contributor in the registration process or through the use of the Site does not constitute a Contribution, and is governed by CIS’s Privacy Policy, which can be viewed at www.cisecurity.org/privacy-policy.

11.4 Contributors' Retention of Rights

Although Contributors provide specific rights to CIS, it is not intended that this should deprive Contributors of their right to exploit their Contributions. To underscore this principle, CIS confirms that Contributors may each make use of their Contributions in any way they wish, subject only to the restriction that no Contributor has the right to represent any such work as a CIS work product or equivalent of a CIS work product.

11.5 No Responsibility for Contributions

Contributor acknowledges that transmissions to and from the Site are not confidential and may be read or intercepted by others. Contributor further acknowledges that by submitting Contributions to the Site, no confidential, fiduciary, contractually implied or other relationship is created between Contributor and CIS other than pursuant to these Terms of Use.

11.6 Representations and Warranties

With respect to each Contribution, each Contributor represents that, to the best of his or her knowledge and ability: The Contribution properly acknowledges all Contributors, including any indirect Contributors. He or she has obtained the necessary permissions to submit the Contribution and to grant CIS the rights contained herein from each party that the Contributor reasonably and personally knows may have rights in the Contribution, including, without limitation, the Contributor’s sponsor or employer. No information in the Contribution is subject to any requirement of confidentiality or other restriction on its dissemination, and CIS may freely disclose any information in the Contribution. There are no limits to the Contributor's ability to make the grants, acknowledgments, and agreements herein that are reasonably and personally known to the Contributor. The Contributor has not intentionally included in the Contribution any material that is defamatory or untrue or that is illegal under the laws of the jurisdiction in which the Contributor has his or her principal place of business or residence. All trademarks, trade names, service marks, and other proprietary names used in the Contribution that are reasonably and personally known to the Contributor are clearly designated as such where reasonable.

11.7 No Duty to Publish

The Contributor, and each named co-Contributor, acknowledges that CIS has no duty to publish or otherwise use or disseminate any Contribution. CIS reserves the right to withdraw or cease using any Contribution for whatever reason.

12. Access to CIS SecureSuite Membership Products and Services

The Site provides access to consensus-oriented information security products, services, tools, metrics, suggestions, and recommendations ("SecureSuite Products") for CIS SecureSuite Members, subject to specific terms specified below on the CIS website, unless otherwise agreed to in writing with CIS. Except as otherwise provided herein for US-based SLTT entities, registering with and/or using the Site does not grant you CIS SecureSuite membership status.

Except as otherwise specified herein below or in Section 13, , if you are a CIS SecureSuite Member, your Membership and use of the CIS SecureSuite Products shall be governed by the Product-specific Terms and Conditions agreed upon at purchase; such terms are set forth and referenced below. In the event that you have signed a written agreement with CIS governing your SecureSuite membership, your membership and use of the CIS SecureSuite Products will be governed by the terms of such written agreement. In the event of a conflict between these Terms of Use and either your Product-specific Terms and Conditions or written agreement with CIS, the Product-specific Terms and Conditions or written agreement, as applicable, shall control. If you cannot agree to these terms of use, you should not register with or use the Site and you should contact a CIS SecureSuite Team Member via this form. If you are unsure as what category of membership you are in, please contact a CIS SecureSuite Team Member via this form.

Your category of membership shall govern the Terms and Conditions that govern your membership (click below for links):

If you are a CIS End User Organization Member, your terms can be found here.

If you are a CIS Named Consultant Member, your terms can be found here.

If you are a CIS Services and Consulting Member, your terms can be found here.

If you are a CIS Product Vendor Member, your terms can be found here

A SecureSuite Member has the ability to edit/modify CIS Benchmarks for use within the Member’s organization based upon the Member’s unique internal specifications and requirements (a "Customized Benchmark"). Once a Customized Benchmark is created, Member is prohibited from labeling or identifying such Customized Benchmark as a "CIS Benchmark."

13. Terms of Use Applicable to U.S. Based State, Local, Tribal or Territorial (“SLTT”) Entities for SecureSuite Membership

As an SLTT Member, you are provided a CIS SecureSuite membership, subject to the following terms. If you cannot agree to these terms, please do not register with the Site and contact a CIS SecureSuite representative to review your [email protected].

Academic Institutions (K-12, public and private colleges and universities) can view additional information regarding CIS SecureSuite Membership benefits here.
13.1 SecureSuite Products Provided As Is.

CIS is providing the SecureSuite Products “as is” and “as available” without: (1) any representations, warranties, or covenants of any kind whatsoever, including the absence of any warranty regarding: (a) the effect or lack of effect of any SecureSuite Product on the operation or the security of any network, system, software, hardware, or any component of any of them, and (b) the accuracy, utility, reliability, timeliness, or completeness of any SecureSuite Product); or (2) the responsibility to make or notify you of any corrections, updates, upgrades, or fixes.

13.2 Intellectual Property and Rights Reserved.

You are not acquiring any title or ownership rights in or to any SecureSuite Product, and full title and all ownership rights to the SecureSuite Products remain the exclusive property of CIS. All rights to the SecureSuite Products not expressly granted in these Terms of Use are hereby reserved.

13.3 Restrictions.

You acknowledge and agree that, except as otherwise provided herein, you may not: (1) decompile, dis-assemble, alter, reverse engineer, or otherwise attempt to derive the source code for any software SecureSuite Product that is not already in the form of source code; (2) distribute, redistribute, sell, rent, lease, sublicense or otherwise transfer or exploit any rights to any SecureSuite Product to anyone outside your organization or for any commercial purpose; (3) post any SecureSuite Product on any externally facing website, bulletin board, ftp server, newsgroup, or other similar mechanism or device; (4) remove from or alter any proprietary notices found on any SecureSuite Product; (5) use any SecureSuite Product or any component of an SecureSuite Product with any derivative works based directly on an SecureSuite Product or any component of an SecureSuite Product; (6) represent or claim a particular level of compliance or consistency with any SecureSuite Product; or (7) facilitate or otherwise aid other individuals or entities in violating these Terms of Use.

13.4 Your Responsibility to Evaluate Risks.

You acknowledge and agree that: (1) no network, system, device, hardware, software, or component can be made fully secure; (2) you have the sole responsibility to evaluate the risks and benefits of the SecureSuite Products to your particular circumstances and requirements; and (3) CIS is not assuming any of the liabilities associated with your use of any or all of the SecureSuite Products.

13.5 CIS Liability.

You acknowledge and agree that neither CIS nor any of its employees, officers, directors, agents or other service providers has or will have any liability to you whatsoever (whether based in contract, tort, strict liability or otherwise) for any direct, indirect, incidental, consequential, or special damages that arise out of or are connected in any way with your use of any SecureSuite Product.

13.6 Distribution of SecureSuite Products by Member.

CIS hereby grants to you the right to distribute the SecureSuite Products within Your SLTT entity, whether by manual or electronic means.

13.7 Jurisdiction.

Notwithstanding the terms of Section 10 of these Terms of Use to the contrary, your SecureSuite membership will be governed by the laws of your jurisdiction, without regard to your jurisdiction’s conflicts of law principles.