Re: Using CISecurity Solaris benchmark

From: Chris Calabrese (chris_calabrese_at_yahoo.com)
Date: 01/15/04

Next message: Wendel: "Re: what are the Best Security Conferences to attend"

Previous message: Kooky45: "Using CISecurity Solaris benchmark"
In reply to: Kooky45: "Using CISecurity Solaris benchmark"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 15 Jan 2004 10:50:09 -0800

Neither.

To quote from http://www.cisecurity.org/tou_faq.html
"You and any other person in your organization who downloads the CIS
Benchmarks and Scoring Tools directly from the CIS web site may use
them as resources to help manage the security of your organization's
systems. But there are limitations on what you may do with the
resources you download. You may not sell, lease, or use them to
provide a service or make money for yourself or your organization
(e.g. "commercial purpose"). You may not lend or redistribute them in
any way - so if others in your organization want to use the resources,
they should go to the web site and download the files for their own
use."

Regular membership does allow you to redistibute within your own
company, and there are other membership/licensing levels for
people/companies that want to provide commercial services or products
that make use of the Benchmark. See
http://www.cisecurity.org/tou_faq.html and
http://www.cisecurity.org/commercial_use.html for more details.

The CIS terms-of-use used to be significantly different, however, and
you may have gotten the impression that CIS membership was needed by
looking at the terms-of-use from a very old version of the Solaris
benchmark.

CIS membership also gives you a voice in determining what technologies
CIS will produce future benchmarks for. For exmaple, there was a
recent membership query regarding which distro's the next release of
the Linux benchmark should cover.

--
Chris Calabrese, CISSP, GCIA, GCFA, and
CIS HP-UX Benchmark Team Leader
kenord@hotmail.com (Kooky45) wrote in message news:<223ee064.0401150419.6580d785@posting.google.com>...
> Has anyone gone as far as licening themselves or their company to use
> the CISecurity Solaris security benchmark in a commercial
> organisation?  My UNIX team consists of five people - do I only have
> to get one of them registered as a CIS member so they can all use the
> benchmark, or do they all have to apply?
> 
> Thanks,
> 
> Ken

Next message: Wendel: "Re: what are the Best Security Conferences to attend"

Previous message: Kooky45: "Using CISecurity Solaris benchmark"
In reply to: Kooky45: "Using CISecurity Solaris benchmark"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]