What are CIS Benchmarks?

A CIS benchmark contains guidance from the Center for Internet Security (CIS) on best practices for configuring IT systems, networks, and software. The CIS has released over 140 benchmarks with the support of cybersecurity professionals and subject matter experts in communities worldwide.

The Categories of CIS Benchmarks

The CIS Benchmarks are categorized into seven groups, including:

  1. Operating System Benchmarks: These benchmarks describe how to securely configure Microsoft Windows, Linux, Apple OSX, and other operating systems. Guidance includes access management, driver installation, browser configurations, and other settings with security impacts.
  2. Server Software Benchmarks: These benchmarks cover the secure configuration of Microsoft Windows Server, Kubernetes, SQL Server, and other server software. Kubernetes PKI certificates, API server settings, and server administrative controls are some of the topics covered.
  3. Cloud Provider Benchmarks: These benchmarks outline security best practices for configuring public clouds like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. Topics include identity and access management, logging, regulatory compliance, and networking.
  4. Mobile Device Benchmarks: These benchmarks discuss mobile device configurations. Some best practices include developer settings, app permissions, and OS privacy configurations.
  5. Network Device Benchmarks: These benchmarks describe how to securely configure network devices. Guidance is vendor-neutral and generally applicable across different vendors’ systems.
  6. Desktop Software Benchmarks: These benchmarks outline security best practices for widely used applications such as Microsoft Office and common browsers. Topics include email privacy, browser settings, and mobile device management (MDM).
  7. Multi-Function Print Device Benchmarks: These benchmarks describe best practices for configuring and securing multi-function printers, such as firmware update management, wireless network access configurations, and more.

Kubernetes CIS Benchmark

The buzz around K8s is showing no signs of letting up, and although Kubernetes is a fantastic platform for containers and microservices, there have been question marks around its overall security, especially in its early days. CIS has been working on securing Kubernetes since 2017, and the Center for Internet Security benchmark is already at version 1.23.

The Kubernetes CIS benchmark, like other CIS benchmarks, provides security posture management best practices tailored to the unique needs of Kubernetes and its containers. The CIS Benchmarks for Kubernetes provide extensive security guidance broken up into two domains: Master Node Security Configuration — covering the Scheduler, Controller Manager, Configuration Files, etcd, and PodSecurityPolicies — and Worker Node Security Configuration — targeting the Kubelet and its Configuration Files.

Firewall CIS Benchmark

CIS benchmarks are a set of best-practice cybersecurity standards for a range of IT systems and products, including firewalls. The firewall benchmark, developed by CIS alongside communities of cybersecurity experts from industry and research institutes, provides a baseline configuration that ensures compliance with industry-agreed cybersecurity standards. System and application administrators, security specialists, auditors, help desk, and platform deployment personnel can use the benchmark to develop, deploy, assess, or secure their security infrastructure.

Benefits of CIS Benchmarks

CIS benchmarks provide numerous benefits to an organization, including:

  • Collected Knowledge and Expertise: CIS benchmarks are developed with the input of the cybersecurity and IT community, providing the benefits of all of their expertise.
  • Improved Security: CIS benchmarks outline security best practices for the target systems, which, if implemented, can help to close vulnerabilities and reduce an organization’s exposure to attack.
  • Up-to-Date Guidance: CIS benchmarks are regularly updated, ensuring that their step-by-step instructions remain relevant as solutions change and evolve.
  • Consistent Security: CIS benchmarks describe best practices for securing various technologies, enabling an organization to achieve security maturity across its infrastructure.
  • Ease of Use: CIS benchmarks are written as concrete, actionable recommendations, making it straightforward to deploy the recommended configurations and controls.

CIS Benchmarks and Regulatory Compliance

Companies must achieve, maintain, and demonstrate compliance with a growing number of regulations. As the regulatory landscape grows more complex, it can be difficult for an organization to ensure that it is compliant with all applicable requirements.

The Center for Internet Security Benchmarks are designed to aid compliance efforts by outlining best practices that align and comply with major regulations. For example, CIS Benchmarks are closely mapped to the NIST Cybersecurity Framework, the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and ISO 27001.

In addition to providing guidance regarding best practices, the Center for Internet Security also offers CIS Controls and CIS Hardened Images, which are preconfigured images of securely configured systems. These resources can also streamline the compliance process by providing organizations with access to systems that are designed to be compliant with applicable regulations.

How to Achieve CIS Compliance

An organization can achieve CIS compliance by implementing the best practices outlined in the CIS benchmarks. These resources are freely available and contain step-by-step guidance for securing a range of systems. Alternatively, an organization can deploy CIS Hardened Images, which contain prebuilt versions of different operating systems that are configured to be compliant with CIS requirements.

However, while manually achieving compliance with the CIS benchmarks is possible, it can be difficult to achieve at scale. Compliance management software can help an organization to achieve and maintain compliance with the CIS benchmarks by identifying and highlighting non-compliant configurations for remediation.
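The kind of automated check such software runs, illustrated for the Master Node API server settings mentioned in the Kubernetes section above. This is an added example, not Check Point or CIS code: the kube-apiserver manifest is constructed, and the check list is an assumption modelled on the style of the benchmark's API server recommendations (the flag names are real kube-apiserver flags).

```python
# Added illustration: a minimal CIS-style check runner for a kube-apiserver
# static pod. Not Check Point or CIS code; the sample is constructed and the
# checks are an assumption modelled on the benchmark's API server guidance.
from typing import Callable, Dict, List, Tuple

# Constructed sample: the `command` array of a kube-apiserver static pod manifest.
SAMPLE_COMMAND = [
    "kube-apiserver",
    "--anonymous-auth=true",
    "--authorization-mode=AlwaysAllow",
    "--audit-log-maxage=30",
    "--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
]

def parse_flags(command: List[str]) -> Dict[str, str]:
    """Turn ['--k=v', '--bool'] into {'k': 'v', 'bool': 'true'}; a repeated flag keeps its last value."""
    flags: Dict[str, str] = {}
    for arg in command[1:]:
        if arg.startswith("--"):
            key, sep, value = arg[2:].partition("=")
            flags[key] = value if sep else "true"
    return flags

# (title, predicate over parsed flags, remediation). Defaults assumed for absent
# flags follow kube-apiserver's own defaults (anonymous auth on, AlwaysAllow).
CHECKS = [
    ("anonymous requests are rejected",
     lambda f: f.get("anonymous-auth", "true") == "false",
     "set --anonymous-auth=false"),
    ("authorization-mode does not include AlwaysAllow",
     lambda f: "AlwaysAllow" not in f.get("authorization-mode", "AlwaysAllow").split(","),
     "set --authorization-mode=Node,RBAC"),
    ("audit logging is enabled",
     lambda f: bool(f.get("audit-log-path")),
     "set --audit-log-path to a log file"),
    ("TLS certificate and key are both configured",
     lambda f: bool(f.get("tls-cert-file")) and bool(f.get("tls-private-key-file")),
     "set --tls-cert-file and --tls-private-key-file"),
]

def evaluate(command: List[str]) -> List[Tuple[str, str, str]]:
    """Return (title, 'PASS'|'FAIL', remediation-or-'') for every check."""
    flags = parse_flags(command)
    return [(title, "PASS" if ok(flags) else "FAIL", "" if ok(flags) else fix)
            for title, ok, fix in CHECKS]

def failing_titles(command: List[str]) -> List[str]:
    return [t for t, status, _ in evaluate(command) if status == "FAIL"]

if __name__ == "__main__":
    for title, status, fix in evaluate(SAMPLE_COMMAND):
        print(f"[{status}] {title}" + (f"  -> {fix}" if fix else ""))
```

Running it against the constructed manifest reports all four checks as FAIL with their remediations; a real scanner does the same across every benchmark section and every node.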

CIS Benchmarks and Check Point

Maintaining regulatory compliance and system security for all of an organization’s IT assets can be difficult, especially as the corporate infrastructure expands to the cloud. Multi-cloud environments, with their limited visibility and unfamiliar configuration settings, are a common cause of data breaches and security incidents.

Check Point CloudGuard automates compliance management, including compliance with the CIS benchmarks and other major security regulations and standards. Organizations can even use this to manage the configuration of Check Point firewalls based on the CIS Check Point Firewall Benchmark. To learn more about Check Point firewall capabilities, ask for a free demo. To learn more about CloudGuard’s capabilities and how it can help your organization to improve cloud security and simplify regulatory compliance, sign up for a free demo today.
