OPS 401 Class 04 - MackD51/CyberReadingNotes GitHub Wiki
System Hardening With CIS Standards
- What are three benefits of following CIS Benchmarks?
Three benefits of following CIS benchmarks are, Promoting Uniformity in Compliance Management, Continuously Updated, Comprehensive Instructions for Securing All IT Infrastructure Components, Efficient and Sustainable Deployment Configurations for Enhanced Operational Performance.
- What are the seven core categories of CIS Benchmarks?
Operating Systems Benchmarks: Guidelines for securing core operating systems like Windows, Linux, and OSX, covering access restrictions, user profiles, driver installations, and browser configurations. Server Software Benchmarks: Recommendations for securing server software such as Windows Server, SQL Server, VMware, Docker, and Kubernetes, including settings for certificates, API servers, admin controls, networking, and storage. Cloud Provider Benchmarks: Guidelines for securing public cloud platforms like AWS, Azure, Google Cloud, and IBM Cloud, covering IAM configurations, logging protocols, network settings, and compliance measures. Mobile Device Benchmarks: Security configurations for mobile operating systems (iOS, Android), focusing on developer options, privacy settings, browser configurations, and app permissions. Network Device Benchmarks: Security guidelines for network devices from vendors like Cisco, Palo Alto Networks, Juniper, etc., including general and vendor-specific recommendations for securing network equipment. Desktop Software Benchmarks: Security configurations for popular desktop software like Microsoft Office, Exchange Server, Chrome, Firefox, and Safari, emphasizing email privacy, server settings, browser defaults, and third-party software controls. Multi-function Print Device Benchmarks: Best practices for securing multi-function printers in office settings, covering firmware updates, TCP/IP configurations, wireless access, user management, and file sharing.
- How would you convince your manager that applying CIS Benchmarks could fast-track your organization’s compliance?
Implementing CIS Benchmarks can expedite our organization's compliance efforts by providing comprehensive, up-to-date security configurations across various IT systems. These benchmarks streamline compliance management, demonstrating our commitment to due diligence and enhancing our overall security posture. By adopting CIS Benchmarks, we can proactively address emerging threats, save time and resources, and strengthen our credibility in audits and assessments.