Member Login
login help
Contact Us
24x7 CSIRT

Aggregate Purchase Program for SANS Training

Steeply discounted pricing for exceptional SANS security awareness and technical training is available through REN-ISAC during special aggregate purchase periods. This offer is valid for accredited educational institutions, including universities, colleges, technical training institutes, and K-12 schools, in the United States and Canada.

The next purchasing window is scheduled for December 1, 2015 - January 31, 2016. For details on the specific offerings, visit:

Online Technical Training and GIAC Certification
Securing The Human - End User Awareness Training
Securing The Human - Healthcare
Securing The Human - Developer Training

STH - End User Awareness Training

Webcast to Learn About the Program

On November 30, persons from SANS and REN-ISAC held a webcast to discuss the special offerings. Watch to learn how your institution can improve its security posture through SANS awareness and technical training, and how to take advantage of steeply discounted pricing during the partnership window.

Securing The Human - End User Awareness training (STH) provides extensive employee security awareness training that targets today's weakest link in enterprise security - the human. STH goes beyond just compliance and addresses the most common risks using a proven framework based on the 20 Critical Security Controls. The program contains 24 awareness modules and 19 compliance modules. Each module includes an online assessment. Student progress through the program can be tracked via a site administration web interface. STH is appropriate for small to extremely large numbers of users and is supported in multiple languages.

Training is delivered via SCORM-compliant web video-based modules utilizing the SANS-hosted Virtual Learning Environment (VLE) or internally via your own learning management system (LMS).

STH awareness training addresses numerous standards including PCI DSS, HIPAA, FISMA, ITAR, ISO 27001, and FERPA.

Optional supporting media: Each awareness module has an associated newsletter, poster, and screensaver. These are available for optional purchase. The media are branded with your name, logo and contact info. They are delivered in electronic format. You can use them as much or as little as you wish, for as long as you wish.

Demo accounts are available, giving you the ability to sample the video modules.


STH is purchased according to the number of persons undergoing training. The aggregate-purchase price is $2.10 per person for 1 year, or $3.70 per person for 2 years. The minimum order $2,520 for 1-year purchases or $4,440 for 2-year purchases.

Optional supporting materials, including posters, newsletters, and screensaver costs $3,500 when ordered with the STH videos, or $5,000 without. Samples of the supporting materials are here.

Additional information is available at the SANS Securing The Human main web page

A full list of the training modules and demo short snippets is available here.

I have never seen such high quality training, distilled to a perfected message, and compressed into a timeframe that any organization should willingly commit employee time to taking as a risk reduction strategy.

James A. (Jim) Richards III, West Virginia Chief Information Security

We just purchased the SANS Securing the Human, which I think is the best I have ever seen. In addition it's backed up by SANS extensive experience and knowledge base in infosec.

Karen McDowell, Ph.D., Information Security Analyst, University of Virginia

Securing The Human - Frequently Asked Questions

FAQ answers are courtesy of SANS

Please note that this FAQ is best effort and that answers are subject to change or clarification.

Hosting Environment

How is the training system delivered?

The training can be hosted on your own Learning Management System (LMS) or you can choose to use the SANS hosted LMS which is called the SANS Virtual Learning Environment (VLE).

Is there a price difference between SANS-hosted and hosting on our own LMS?

Integrating into client's LMS will cost an additional $3,000.

Can we append local info to the end of the module?

Changing the SANS modules is a customization effort that has extra cost. Therefore to enable your organization to add their own custom content to the training. You can use two options:

  1. The SANS VLE allows you to add a document that you host on your intranet to the end of each training module. This custom content then becomes part of the required training for that module and is tracked and reported.
  2. Using your own LMS means that SANS will not understand how you have set it up. You will need to ask your LMS Administrator if this can be done.

Our LMS is hosted by a vendor. Would we be able to get a test module so they could load it in to make sure it will work properly?

Yes, we can send you a player with a test module loaded. To do this, contact and request a "test module to try on <name of LMS>".

Is it possible to use the SANS hosted VLE and then migrate to our own-hosted LMS platform?

Yes, if done within the first 3 months. You can download the results data of your current training from the VLE in csv format for import into your own LMS.

Is there information available about integrating STH with our own LMS?

Instead of providing a laundry list of LMS options, the best way to test STH with your own hosted LMS is to ask SANS for a "Test Module". To do this, contact and request a "test module to try on <name of LMS>". This will help you ensure compatibility with any customization you may have made.


Is there a module that addresses FERPA (student education records) issues?

Yes there is such a compliance module. Other education related compliance modules include:

  • Red Flag Rules
  • GLBA
  • Federal Tax Information

How often will the video training modules be updated?

All our security awareness content is mapped to the 20 Critical Controls Security Framework. They are updated as the Human Attack Vectors change but not less than once annually. This doesn't mean that every module is changed just for the sake of changing. They're changed if the attack vector data indicates that they need to be changed.

Are these the only stock videos available?

We currently have a stable of 24 security awareness and 19 compliance modules. As we go through the update process we add new modules as required at that time.

Will new modules that are added to the security awareness library be made available freely to standard license holders?

Yes. Any updates made to the security awareness training will be made available during the license term.

Support Materials

What are the additional training materials that are available and what do they cost?

Each module has an associated Newsletter, Poster and Screensaver. These are branded with your name, logo and contact info. They are delivered in electronic format. You can use them as much or as little as you wish for as long as you wish.

The cost is $5,000 for the entire package if you purchase them on their own. If you purchase them in association with the computer-based training (STH videos), then the cost is $3,500.

Note that future updates to these Newsletters/Posters/Screensavers are NOT covered in this purchase. If, for example, you wish to use the updated newsletters in 18 months time you will have to purchase them again.

Module Quiz

Is there a user assessment piece after each module?

Yes, there are optional quiz questions for each module. The administrator can select which modules they wish to assign a quiz for. This is included as part of the license.

If we select to use the SANS VLE hosting option, can we set the assessment to be required for some grouping of seats but not all seats?


If we select to use the SANS VLE hosting option, can we set the assessment passing grade to be different for each group if they are administering their own seats?



When using the SANS Portal (VLE), can an account have more than one administrator?

Yes, you may have multiple Client Administrators.

When using VLE, is the user load a one-time event or can we load multiple times (e.g., by department)?

Multiple times. The Client Admin can use the User Batch Load process repeatedly.

When using VLE, who provides client support, such as password resets?

Password resets are all automated. SANS provides support to the Client Administrators. This is done by sending an email with the issue to the STH Support Team at SANS does NOT provide LIVE support to Users, other than FAQ.

Can the VLE Admin select which videos are displayed to specific users?

Yes, the VLE Admin can assign any number or all modules to any individual User.

How are content updates delivered to us?

You receive a monthly email and will have several monthsí notice before updates are ready to be delivered. They are usually delivered by download if using your own LMS.

How is license compliance managed?

You are required to have a license for each User that goes through the training. When a user views any portion of the videos in any given license period, that is considered one user license and it can NOT be reassigned to a different user until the beginning of the next license period (i.e. year by year).

It was a little unclear to me how we go about purging out vacated seats at the beginning of a new year? More specifically, how would this be done when using this with our LMS?

Simply contact SANS to confirm that you are purging the old Users and reusing the seats for Year 2.

What are the options for users authenticating and do you support any kind of single sign-on (SSO)?

Single sign using SAML 2.0 is supported by the VLE. There is an additional one-time fee of $2,500 per VLE instance required for SSO integration.

Demo accounts

How long will the VLE Demo Accounts be available?

Demo accounts may be requested at any time by visiting

Can I get a demo for some Chinese, French, Spanish or other language modules?

Yes, you may. Please note that English is included in the standard library for this Aggregated Purchase Period through REN-ISAC. Arabic, French and Spanish are available for an additional fee. Please contact for details.

If there is one Administrator account and three demo user licenses, how are the demo user licenses allocated - can use of them be rotated between agency points of contact?

The User ID is the email that is entered. There is no way to change the User ID. We can provide multiple test administrator accounts, each with 3 users, if needed.

Agreement and Pricing

How is the number of seats determined?

Each person that undergoes training requires a license.

How does this pricing compare to regular pricing for this content?

The pricing you are receiving is comparable to the best large-volume commercial pricing available. Through the SANS Partnership program available to EDUís, we are aggregating all purchases during a specific time period (window of opportunity) to reach the highest possible volume and thus lowest possible cost per seat for everyone who purchases during this window. Through the Aggregate Purchase window, this Partnership pricing is substantially discounted from SANS list pricing - savings in the range of 75%.

Can we get an approximate number of seats and then add to it within the 1 year?

You may add additional users during the license period. Additional user licenses will run concurrent with the existing license period and are subject to a minimum purchase of 250 user seats.

When does the 1 year clock start ticking? At the time of payment, or when the first users are provisioned? I'd like to be able to align the 1yr cycle with our academic yr.

The 1-Year clock must start within 3 months (90 days) from the end of the Aggregated Purchase Period.

How will seat counts be determined for FTEs versus students?

Licenses are measured by the number of Users, not FTEs. Every person who takes the training requires a license for the training.

If an employee leaves can you reassign the seat license in year 1? or year 2?

If the person leaves during Year 1 you can reassign that seat in Year 2. Otherwise NO, you can NOT reassign a seat (user license) within the same year of that license.

If we wanted to display a particular module in a public training forum, is that possible?


Is there a solution for a University that wants to offer it to all staff/faculty/students (and not require it) to allow for self-registration, or would we have to preload accounts/emails?

Using the SANS VLE requires you to pre-load accounts/emails.

What is the turnaround time on invoicing once the PO is sent in?

Typically 24-48 hours but we reserve the right to say up to five (5) business days.

If we buy for Faculty and staff at this time and later decide to buy for all incoming freshman, will the price be the same?

The discounted price is only available during Aggregated Purchase Periods.


How many users have been through the training and what was their reaction?

SANS Securing The Human training programs have been purchased by more than 1300 organizations to date with over 6.5 million licensed users. We have done numerous quality checks with various clients of all sizes, and they are all satisfied and happy with the SANS Securing the Human solution.


What format are the modules in?

The training is accessible through any internet-enabled browser with Adobe Flash installed.

Is STH compliant with ADA (508 compliant)?

Yes. STH videos include both audio and sub-titles.

SANS logo