Best Practices According to CIS Benchmarks

As part of our security audits, compliance with the CIS Benchmarks is now also displayed. Read the article to learn more about this new feature and the added value it provides.

What are CIS Benchmarks?

The CIS Benchmarks are best practices developed by the Center for Internet Security (CIS) for the security configuration of IT systems.

Implementing the CIS Benchmarks reduces the probability of security incidents and at the same time ensures compliance with security standards and legal requirements, especially in compliance audits.

Components of the CIS Benchmarks

  • Detailed security guidelines: The benchmarks contain specific configuration guidelines for various IT systems and applications. These guidelines are designed to minimize security vulnerabilities and increase the robustness of the systems.

  • Justifications and explanations: Each policy is accompanied by an explanation of why it is important and what potential risks it mitigates. This helps users to understand the importance of each configuration measure.

  • Implementation instructions: The benchmarks provide detailed instructions on how to implement the recommended configuration changes. This makes it easier for IT administrators to implement the best practices in their systems.

  • Assessment methods: They also include methods for assessing a system's compliance with the benchmarks. This allows organizations to review the current security status of their IT infrastructure and identify improvement measures.

Integration Into the Platform

New "Best Practices" Tab in the Customer Menu

In the customer menu under Technical Details, "Best Practices", we show the extent to which the CIS Benchmarks are met.

When a benchmark is expanded, a detailed description and explanation of why this control is necessary appears. The possible effects on the targets or users and the solution are also described.

A breakdown of the targets shows which targets are compliant and which targets are non-compliant. It is possible to ignore the control for individual targets - the target then appears as "manually compliant" and can be hidden. By clicking on the download button, the Best Practices, whether filtered or complete, can be exported.

Compliance Score in the Security Dashboard

Another new feature is the Compliance Score in the Security Dashboard, which shows you the percentage of all controls, across all targets, that are fulfilled.

CIS Benchmarks vs Vulnerabilities

In contrast to vulnerabilities, which can be actively exploited and have a direct impact on the rating, low compliance with the CIS Benchmarks has no impact on the rating.

Advantages of the New Feature

  • Security improvement: The benchmarks aim to increase the security of IT systems by identifying potential vulnerabilities and suggesting specific configuration measures.

  • Standardization: They provide a standardized approach to security configuration that can be applied by organizations worldwide to ensure a consistent level of security.

  • Compliance: The benchmarks help organizations meet regulatory and legal requirements by adhering to security best practices.

Teresa Leonhartsberger

August 23, 2024
