What are CIS Benchmarks?
The CIS Benchmarks are best practices developed by the Center for Internet Security (CIS) for the security configuration of IT systems.
Implementing the CIS Benchmarks reduces the probability of security incidents and at the same time ensures compliance with security standards and legal requirements, especially in compliance audits.
Components of the CIS Benchmarks
Detailed security guidelines: The benchmarks contain specific configuration guidelines for various IT systems and applications. These guidelines are designed to minimize security vulnerabilities and increase the robustness of the systems.
Justifications and explanations: Each policy is accompanied by an explanation of why it is important and what potential risks it mitigates. This helps users to understand the importance of each configuration measure.
Implementation instructions: The benchmarks provide detailed instructions on how to implement the recommended configuration changes. This makes it easier for IT administrators to implement the best practices in their systems.
Assessment methods: They also include methods for assessing a system's compliance with the benchmarks. This allows organizations to review the current security status of their IT infrastructure and identify improvement measures.
In the customer menu, under Technical Details, "Best Practices" shows the extent to which the CIS Benchmarks are met.
When a benchmark is expanded, a detailed description and explanation of why this control is necessary appears. The possible effects on the targets or users and the solution are also described.
A breakdown of the targets shows which targets are compliant and which are non-compliant. The control can be ignored for individual targets; the target then appears as "manually compliant" and can be hidden. Clicking the download button exports the Best Practices, either filtered or complete.
Compliance Score in the Security Dashboard
Another new feature is the Compliance Score in the Security Dashboard, which shows you the percentage of all controls for all targets that are fulfilled.
CIS Benchmarks vs Vulnerabilities
In contrast to vulnerabilities, which can be actively exploited and have a direct impact on the rating, low compliance with the CIS Benchmarks has no impact on the rating.