Skip to content

Licensing

Documentation Path

You are here: About > Licensing

License

CIS Benchmark CLI is licensed under Apache License 2.0.

Copyright © 2025 The MITRE Corporation

Approved for Public Release; Distribution Unlimited. Case Number 18-3678.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

See the full LICENSE file for complete terms.

Licensing Approach

Tool vs. Content

This software provides format conversion functionality - transforming CIS Benchmark data from HTML to standardized XCCDF XML format.

Under established copyright law, format conversion tools constitute independent works:

  • Tool Copyright: The parsing methodology, transformation logic, and software architecture
  • Content Copyright: CIS Benchmark content remains under CIS's CC BY-NC-SA 4.0 license
  • Legal Basis: Feist Publications v. Rural Telephone, 499 U.S. 340 (1991); 17 U.S.C. § 102(b)

Format conversion utilities (document converters, media transcoders, data export tools) are routinely licensed independently from the content they process. This tool follows that established pattern.

Content Attribution and Compliance

Users of this tool who access CIS Benchmarks content remain subject to CIS's terms of use.

This tool:

  • Requires users to authenticate with CIS WorkBench
  • Does not redistribute CIS content
  • Provides proper attribution to CIS
  • Transforms data format only (no content modification)
  • Links users to CIS terms of use

See NOTICE.md for complete third-party acknowledgments.

Third-Party Content

CIS Benchmarks

CIS Benchmarks are copyright © Center for Internet Security, Inc. and licensed under CC BY-NC-SA 4.0.

Terms of Use: https://workbench.cisecurity.org/terms-of-use

NIST and DISA Content

NIST SP 800-53 security controls and DISA Security Technical Implementation Guides are U.S. Government works in the public domain.

NIST: https://csrc.nist.gov DISA: https://public.cyber.mil/stigs/downloads

References

  • Apache License 2.0: https://www.apache.org/licenses/LICENSE-2.0
  • CIS Terms of Use: https://workbench.cisecurity.org/terms-of-use
  • Feist Publications v. Rural Telephone, 499 U.S. 340 (1991)
  • 17 U.S.C. § 102(b) (Copyright protection does not extend to procedures, processes, systems, methods of operation)