The Structure of CIS Benchmarks

CIS Standards are a collection of best practices for securely designing IT devices, applications, protocols, and cloud hosting that were created by a global community of cybersecurity specialists.


How do CIS Benchmarks Work?


The Center for Internet Security (CIS) standards are a collection of industry best practices for securely configuring networks, software, and IT systems. More than a hundred CIS Standards now span seven main technology categories. The CIS Benchmarks are created through a consensus-based process that involves communities of cybersecurity experts and subject matter experts worldwide. Each community is responsible for continuously identifying, improving, and validating security best practices in its field of expertise.


The Center for Internet Security's Background


In October 2000, the nonprofit organization CIS was founded. The mission of CIS is to identify, create, validate, promote, and sustain best practice solutions for cyber protection. A global IT community drives it. CIS has created and offered several free tools and solutions for businesses of all sizes over the years to improve their cybersecurity readiness.


CIS is best known for publishing the CIS Controls, a complete manual of 20 safeguards and countermeasures for effective cyber defense. By using the prioritized checklist that the CIS Controls offer, organizations can significantly reduce their attack surface. CIS Benchmarks take these controls into account when making recommendations for more secure system configurations.


How are CIS Benchmarks Organized?


Each CIS Benchmark contains numerous configuration recommendations, each assigned to one of two profile levels. Level 1 benchmark profiles cover baseline configurations that are simpler to implement and don't significantly affect business functionality. Level 2 benchmark profiles are designed for high-security environments, and implementing them with the least amount of business disruption requires additional collaboration and planning.


Categories of CIS Benchmark


Benchmarks for Operating Systems:


These benchmarks explain how to set up several operating systems safely. Access control, driver setup, browser configurations, and other security-related settings are all covered in the advice.


Benchmarks for Server software:


These benchmarks cover the secure configuration of Kubernetes, SQL Server, and other server software. Some subjects discussed are server administrator controls, API server settings, and Kubernetes PKI certificates.


Benchmarks for Cloud Providers:


These benchmarks define recommended security practices for setting up public clouds. The topics covered are identity and access management, logging, legal compliance, and networking.


Benchmarks for Mobile Devices:


These benchmarks cover configurations for mobile devices. Developer preferences, app authorization, and OS privacy settings are a few of the areas covered.


Benchmarks for Network Devices:


These benchmarks explain how to set up network devices safely. The guidance is vendor-neutral and generally applicable across several vendors' systems.


Benchmarks for Desktop Software:


These benchmarks explain the best security standards for popular programs like Microsoft Office and popular browsers. Email privacy, browser options, and mobile device management (MDM) are some of the subjects covered.


Benchmarks for Multi-Function Print Devices:


These benchmarks outline the best practices for setting up and protecting multi-function printers, including how to manage firmware updates and wireless network access settings, among other things.


Benefits of CIS Benchmarks


Although businesses are always free to choose their own security configurations, CIS Benchmarks provide the following:
● The collective knowledge of an international IT and cybersecurity community.
● Routinely updated, step-by-step instructions for safeguarding each IT infrastructure component.
● Consistency in compliance management.
● A flexible template for implementing digital transformation initiatives and securely adopting new cloud services.
● Configurations that are simple to implement for increased operational effectiveness and sustainability.
