CIS Benchmarks

What are CIS benchmarks?

A CIS Benchmark is a meticulously crafted, comprehensive set of security configuration guidelines for a specific technology. Developed by the Center for Internet Security (CIS), these Benchmarks are key to enhancing an organization’s ability to prevent, detect, and respond to cyber threats. When used in conjunction with basic cyber hygiene measures, CIS Benchmarks are designed to safeguard these various technologies against cyber threats.

CIS Benchmarks represent security best practices. They include tailored advice for different platforms, from operation systems to cloud services. The guidance is informed by input from a broad range of experts, ensuring relevance and practicality. They are also adjusted regularly to keep pace with evolving cyber threats.

Categorization of CIS Benchmarks

CIS Benchmarks are organized into categories based on the type of technology they address. This categorization helps organizations focus on relevant Benchmarks for their specific systems and platforms. The CIS Benchmark categories are as follows:

• Cloud providers, including AWS, Azure, and Google Cloud
• Desktop software, including Microsoft Office and Zoom
• DevSecOps tools, covering software supply chain security with GitHub
• Mobile devices, featuring Apple iOS and Google Android
• Multi-function print devices
• Network devices, including various Cisco devices and Juniper OS
• Operating systems, including Windows, macOS, and various flavors of Linux
• Server software, including Apache Tomcat, Docker, MongoDB, and NGINX

Integration with CIS Controls

CIS Controls are a set of prioritized cybersecurity best practices offering a broader roadmap of actions organizations should take to improve their cybersecurity defense. CIS Benchmarks and CIS Controls work hand in hand, with the CIS Benchmarks supporting the implementation of CIS Controls by offering detailed, technology-specific guidance.

For each Control, the guidelines cover why the Control is critical, procedures and tools for implementation, and individual defensive actions (known as Safeguards). Version 8 of the CIS Controls (May 2021) includes 18 Controls:

1. Inventory and Control of Enterprise Assets
2. Inventory and Control of Software Assets
3. Data Protection
4. Secure Configuration of Enterprise Assets and Software
5. Account Management
6. Access Control Management
7. Continuous Vulnerability Management
8. Audit Log Management
9. Email and Web Browser Protections
10. Malware Defenses
11. Data Recovery
12. Network Infrastructure Management
13. Network Monitoring and Defense
14. Security Awareness and Skills Training
15. Service Provider Management
16. Application Software Security
17. Incident Response Management
18. Penetration Testing

The role of CIS Benchmarks in cloud security

By implementing the guidance found in CIS Benchmarks, enterprises can enhance their cybersecurity measures, ensuring that their systems are configured with security best practices in mind. This reduces vulnerabilities and minimizes the risk of data breaches and cyberattacks.

CIS Benchmarks are also pivotal in helping organizations meet various regulatory compliance requirements. For instance, regulations like the GDPR and HIPAA demand stringent data protection measures. By aligning with CIS Benchmarks, organizations can demonstrate their compliance with these regulations. Furthermore, automating compliance assessments allow organizations to focus on innovation.

One of the biggest challenges in cybersecurity is balancing robust security measures with operational efficiency. CIS Benchmarks are designed with this balance in mind. They offer a pragmatic approach to security that does not overly burden system performance or user productivity. By following CIS Benchmarks, organizations can maintain a high level of security without compromising the efficiency of their operations.

Overall, the impact of CIS Benchmarks on an organization’s security posture is profound. In addition to hardening its security, an organization can instill confidence among stakeholders, customers, and partners regarding its commitment to cybersecurity.

Implementing CIS Benchmarks

Transitioning from understanding CIS Benchmarks to implementing them requires a strategic approach. Below are some concrete steps to help you effectively integrate CIS Benchmarks into your organization’s cybersecurity strategy:

1. Assess your current systems: Evaluate your existing IT infrastructure to identify which CIS Benchmarks are applicable.
2. Prioritize Benchmarks: Focus first on Benchmarks that address your most critical systems.
3. Develop an implementation plan: Create a detailed plan that outlines the steps, timelines, and responsibilities for implementing each Benchmark.
4. Train your team: Educate your staff about the importance of CIS Benchmarks to ensure a smooth implementation process.
5. Implement gradually and iterate: Start with a pilot program that implements one or two Benchmarks, gradually expanding your implementation to include other Benchmarks.
6. Monitor and adjust: Regularly review the effectiveness of your Benchmark implementations, making adjustments as necessary.

Tools and resources play a crucial role in successful implementation, helping to ensure that the Benchmarks are applied correctly and efficiently. Some helpful tools and resources include:

• CIS-CAT Pro: A configuration assessment tool that scans systems to evaluate compliance with CIS Benchmarks.
• Automated configuration management systems: Using tools like Ansible, Chef, or Puppet, security configurations can be automated and codified for consistent application that aligns with CIS Benchmarks.
• Security information and event management (SIEM) tools: These tools offer continuous monitoring and reporting.

Recognizing and addressing implementation challenges will be crucial to your success. Common challenges (and how to overcome them) include:

• Resource constraints: If resources are limited, prioritize Benchmarks that offer the most significant security benefits.
• Resistance to change: Highlight the benefits of CIS Benchmarks when training your staff, and involve stakeholders in the planning process.
• Complexity in diverse environments: For complex environments, consider phased implementation and seek expert advice when needed.

How CrowdStrike enables organizations to meet CIS Benchmarks

As we’ve seen, CIS Benchmarks play a critical role in guiding organizations toward enhanced cybersecurity. They provide a structured approach to securing IT systems, ensuring compliance with regulatory standards, and maintaining a balance between security and operational efficiency. CrowdStrike partners with CIS, using the CrowdStrike Falcon^® platform to protect CIS-managed endpoints so that state, local, tribal, and territorial (SLTT) governments, K-12 public schools, and public hospitals across the United States can enjoy improved cybersecurity protection with reduced costs.

The Falcon platform provides key tools to help modern enterprises align with CIS Benchmarks. The platform is vital for preventing, detecting, and remediating modern cyber threats, including unauthorized access, malicious code execution, lateral movement, and data exfiltration.

With cloud security posture management (CSPM) from CrowdStrike Falcon^® Cloud Security, organizations have access to advanced capabilities for monitoring and securing cloud environments to enforce compliance and maintain a unified security posture.