![]() ![]() Organizations frequently choose to start with CIS level 1, then move up to stricter standards selectively when they need to meet stricter regulatory or contractual requirements. The STIGs are a government standard, but some organizations outside the government use them. The CIS STIGs are CIS’s own reimplementation of the originals. The STIGs are a security standard originally created by the United States military, based on the requirements in the US Government publication NIST 800-53. CIS level 2 provides enhanced security over level 1. Most organizations start with CIS level 1, then progress to higher levels when needed for stricter security. The higher levels sacrifice a degree of compatibility for enhanced security. The lower the number, the less impact you can expect to compatibility. The CIS benchmarks come in three different levels. They also exist for many popular applications, including the four major web browsers, Microsoft Office, and Zoom. The CIS benchmarks are available for popular desktop and server operating systems, including Microsoft Windows, Mac OS, and the most popular Linux distributions. Applying the benchmarks to any system that is in scope for Sarbanes-Oxley is a good way to demonstrate to regulators that you are configuring and protecting your computer systems in a prudent and responsible manner. The requirements for Sarbanes-Oxley regarding computer systems tend to be rather vague. If your remediation teams wish they didn’t have to patch as frequently, applying the appropriate benchmarks across your enterprise may be part of the cure they are looking for.Īnother use I have seen in my role at Nucleus is Sarbanes-Oxley compliance. This system change makes it much more difficult for an attacker to be in the position to do that. The thing an attacker wants to target isn’t running, so the attacker first has to enable the vulnerable component and then attack it. ![]() The number of participants have grown over the years, and now include some vulnerability scanner vendors, as well as operating system vendors.īy using these benchmarks to disable components of a system that you are not using, you make the system much more difficult to exploit. CIS is an acronym for Center for Internet Security, which is a vendor neutral consortium who collect best practices for system hardening and configuration to improve security. Think policy as in ‘Group Policy’ in Microsoft Windows, not security policy or remediation policy. The CIS benchmarks are a common standard used for system hardening, which is sometimes also called policy compliance. The CIS benchmarks, however, are proactive. And while vulnerability management prevents breaches, it is still a reactive process. It’s a never ending cycle of vulnerabilities being discovered, vendors releasing patches, and remediation teams applying patches to remediate those vulnerabilities. While vulnerability management is one of the few preventative practices in security, vulnerability patching is still reactive. Used by over 2,000 businesses and organizations around the world, CIS SecureSuite Membership provides access to integrated cybersecurity tools, CIS Build Kits, and more.Using CIS Benchmarks in your Vulnerability Management Strategy Keep up with the fast pace of cybersecurity:ĬIS Build Kits help organizations implement secure configurations in minutes - saving serious time when compared to manual system configuration! Working with internal policy requirements? CIS Build Kits are customizable, so you can adjust them to meet your specific security needs. Quickly implement secure CIS Benchmark configurations:ĬIS Build Kits help bring systems into compliance with the secure configuration guidelines contained in the CIS Benchmarks. See for yourself how quick and easy it is to harden your systems with CIS Build Kits! These sample files function just like a typical CIS Build Kit-only with fewer configurations included-allowing you to try before you buy.Ī sample CIS Build Kit for Windows: GPOs engineered to work with most Windows systems which rapidly apply select CIS Benchmark configuration settings to harden workstations, servers, and other Windows computing environmentsĪ sample CIS Build Kit for Linux: Custom script designed to harden a variety of Linux environments by applying secure CIS Benchmark configurations with a few simple clicksĬIS SecureSuite Members receive access to our complete Build Kit files, which help organizations around the world:Īre you struggling to keep up with updates that impact your configuration settings? Using remediation content helps with the maintenance and deployment of the gold standard to which your company makes changes over time for security reasons. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |