CIS Security Benchmarks
www.cisecurity.org
1
Leaving SiteNav
External Link Disclaimer
You are about to visit www.cisecurity.org. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
CIS (Center for Internet Security) is a nonprofit organization that provides industry-recognized cybersecurity standards, benchmarks, and best practices to help organizations improve their security posture. Founded in 2000 and headquartered in East Greenbush, New York, CIS operates the Multi-State Information Sharing and Analysis Center (MS-ISAC) for US state, local, tribal, and territorial governments. Key features: CIS Benchmarks: over 100 configuration guidelines for securing operating systems (Windows, Linux, macOS), cloud platforms (AWS, Azure, GCP), databases (Oracle, SQL Server, PostgreSQL, MongoDB), web servers (Apache, Nginx, IIS), container platforms (Docker, Kubernetes), and network devices. Each benchmark contains hundreds of configuration recommendations organized into categories (Initial Setup, Services, Network Configuration, Access, Authentication, Logging, etc.) with three profile levels (Level 1: basic security without functionality loss; Level 2: defense-in-depth for high-security environments). CIS Controls (formerly SANS Top 20): a prioritized set of 18 cyber defense actions providing a clear path to improve cyber defenses: inventory of enterprise assets, inventory of software assets, data protection, secure configuration of assets, account management, access control management, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, data recovery, network infrastructure management, network monitoring and defense, security awareness and skills training, service provider management, application software security, incident response management, and penetration testing. CIS-CAT Pro: automated configuration assessment tool for scanning systems against CIS Benchmarks. CIS Hardened Images: pre-configured virtual machine images hardened to CIS Benchmark standards available on AWS, Azure, and GCP marketplaces. CIS RAM (Risk Assessment Method) for prioritizing controls. Free and commercial tiers.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike