1

CIS Benchmark is freely distributed under creative commons licence which says "use as is".

CIS has several assessment and hardening tools based on their benchmarks and all of them are paid.

My question is - can I create a commercial product - assessment and hardening software that follows the CIS Benchmarks and can claim to be CIS Benchmark compliant?

Their terms of use are mentioned here: https://www.cisecurity.org/terms-and-conditions-table-of-contents

Creative Common License Link: https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode

Philip Kendall
  • 19,156
  • 1
  • 57
  • 82
PC.
  • 121
  • 5
  • 2
    Please post a link to the exact license. – Philip Kendall Oct 15 '23 at 13:04
  • 5
    I’m voting to close this question because it refers to one of the CC-NC licenses which are not open source licenses as defined by this site. – Philip Kendall Oct 16 '23 at 10:15
  • If you're just using the software (e.g. to test/benchmark your product), but if you never incorporate parts of the Benchmark software itself into your product, then the license of the tool itself is not that relevant to your product. For example, many developers use Microsoft Windows (a proprietary system) and they develop, debug, and test their programs on it, but the license of those developed programs is their own choice, provided they're not incorporating proprietary Microsoft code into those programs. – Brandin Oct 17 '23 at 07:56

1 Answers1

2

The creative common license you link to is the 'Attribution-NonCommercial-ShareAlike 4.0 International'. That obviously has the word 'non-commercial' in it. So no, you cannot base a commercial solution on it without violation of the license.

You also cannot base an open-source product on it, as open source implies the grant for any use, thus also for commercial use. And that somewhat sadly makes the question off-topic for an open source site.

planetmaker
  • 11,042
  • 1
  • 28
  • 47
  • 1
    I agree with all the above, but the OP was asking whether (s)he can independently create a product which embodies, and/or evaluates a system according to, those CC-BY-NC-licensed guidelines, which I am less sure about, and which might have been an interesting question. However, since the product (s)he wants to create is also non-free, I also completely agree the question is off-topic here. – MadHatter Oct 17 '23 at 13:49