Best Practices According to CIS Benchmarks

As part of our security audits, compliance with CIS benchmarks is now also displayed. Read the article to learn more about this new feature and the added value it provides.

What are CIS Benchmarks?

The CIS Benchmarks are best practices developed by the Center for Internet Security (CIS) for the security configuration of IT systems.

Implementing the CIS Benchmarks reduces the probability of security incidents and, at the same time, ensures compliance with security standards and legal requirements, especially in compliance audits.

Components of the CIS Benchmarks

  • Detailed security guidelines: The benchmarks contain specific configuration guidelines for various IT systems and applications. These guidelines are designed to minimize security vulnerabilities and increase the robustness of the systems.

  • Justifications and explanations: Each policy is accompanied by an explanation of why it is important and what potential risks it mitigates. This helps users to understand the importance of each configuration measure.

  • Implementation instructions: The benchmarks provide detailed instructions on how to implement the recommended configuration changes. This makes it easier for IT administrators to implement the best practices in their systems.

  • Assessment methods: They also include methods for assessing a system's compliance with the benchmarks. This allows organizations to review the current security status of their IT infrastructure and identify improvement measures.

Integration Into the Platform

New "Best Practices" Tab in the Customer Menu

In the customer menu under Technical Details, "Best Practices", we show the extent to which the CIS Benchmarks are met.

When a benchmark is expanded, a detailed description and explanation of why this control is necessary appears. The possible effects on the targets or users and the solution are also described.

A breakdown of the targets shows which targets are compliant and which targets are non-compliant. It is possible to ignore the control for individual targets - the target then appears as "manually compliant" and can be hidden. By clicking on the download button, the Best Practices, whether filtered or complete, can be exported.


Compliance Score in the Security Dashboard

Another new feature is the Compliance Score in the Security Dashboard, which shows you the percentage of all controls for all targets that are fulfilled.

CIS Benchmarks vs Vulnerabilities

In contrast to vulnerabilities, which can be actively exploited and have a direct impact on the rating, low compliance with the CIS Benchmarks has no impact on the rating.

Advantages of the New Feature

  • Security improvement: The benchmarks aim to increase the security of IT systems by identifying potential vulnerabilities and suggesting specific configuration measures.

  • Standardization: They provide a standardized approach to security configuration that can be applied by organizations worldwide to ensure a consistent level of security.

  • Compliance: The benchmarks help organizations meet regulatory and legal requirements by adhering to security best practices.

Teresa Leonhartsberger

August 23, 2024

Category

Feature
