CIS Benchmarks

CIS benchmarks are a set of guidelines and best practices developed by the Center for Internet Security (CIS) to help organizations improve their security and mitigating their risk of cyber attacks.

How are CIS Benchmarks organized?

• Operating systems: This category includes benchmarks for various operating systems, such as Windows, macOS, and Linux. The benchmarks provide guidelines for securing the operating system by configuring settings related to, for example, user accounts, network security, audit logging.
• Cloud environments: It includes benchmarks for cloud platforms, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform(GCP). They provide guidance for securing cloud resources and services by configuring settings related to identity and access management, network security, encryption, and other areas.
• Databases: This category includes benchmarks for various database management systems, such as Oracle, Microsoft SQL Server, and MySQL.
• Applications: Includes benchmarks for various applications, such as web browsers, email clients, and office productivity suites.
• Mobile device: Address mobile operating systems, including iOS and Android, and focus on areas such as developer options and settings, OS privacy configurations, browser settings, and app permissions.
• Network devices: This category includes benchmarks for routers, switches, and firewalls.
• Servers: This category includes benchmarks for various server platforms, such as Apache, Microsoft IIS, and Nginx. The benchmarks provide guidance for securing servers by configuring settings related to user accounts, network security, audit logging, and other areas.

CIS Hardened Images

CIS also offers pre-configured Hardened Images that enable enterprises to perform computing operations cost-effectively without needing to invest in additional hardware or software. Hardened images are much more secure than standard virtual images, and they significantly limit the security vulnerabilities that can lead to a cyberattack.

What are the benefits of CIS benchmarks?

There are several benefits of using CIS benchmarks to improve an organization's security posture, such as, proven best practices, comprehensive coverage, easy to implement, customizable, regularly updated and it's independent validation. CIS benchmarks provide organizations with a clear roadmap for improving their security and mitigating the risk of cyber attacks.

Questions

What are three benefits of following CIS Benchmarks?

From the many benefits of following CIS Benchmarks we can see 3. It is easy to implement, it is regularly updated and it's proven best practices.

What are the seven core categories of CIS Benchmarks?

The seven core categories of CIS Benchmarks are operating Systems, cloud Environments, databases, applications, mobile devices, network devices and servers.

How would you convince your manager that applying CIS Benchmarks could fast-track your organization’s compliance?

I would convince my manager that applying CIS Benchmarks could fast-track your organization’s compliance by explaining to him the 7 core categories and what the bring to the company and explain also it's benefits, such as, it is easy to implement, it is regularly updated and it's proven best practices.