Protect your environment with security standards

CIS Security Benchmarks

In recent years, security has become increasingly important to businesses. This includes implementing security standards, also called security benchmarks. The most commonly used standards are the Center for Internet Security (CIS) benchmarks, which can serve as a solid foundation to start securing your IT environment.

What is the Center for Internet Security?

The Center for Internet Security (CIS) is a community-driven nonprofit organization responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. They also offer CIS Hardened Images®, which provide secure, on-demand, scalable computing environments in the cloud.

What does CIS cover?

The CIS Benchmarks cover virtually everything you touch from an end-user computing (EUC) perspective, from the operating systems your users land on to the applications they use. It’s all about what best fits the needs of your business.

CIS levels

The CIS Benchmarks are divided into two levels (level 1 and level 2), designed to give you the flexibility to secure part or all of your environment according to your company’s different security requirements:

Level 1: Recommended basic essential security requirements that can be configured on any system and should cause little or no service interruption or reduced functionality.

Level 2: Recommended security settings for environments that require higher security, which may result in some reduced functionality.

Implementation

Implementing security benchmarks can have an impact on the entire environment. It is therefore important to proceed step by step and test everything thoroughly. To keep it clear at all times which exceptions have been made to the benchmark, it is wise to put these exceptions in a separate group policy. Since some exceptions may only be temporary, it is wise to track them in a Security Log with a reminder attached, and also to record each exception as a note on the policy setting.

Steps for implementing security benchmarks

  1. Preparation: Start by identifying the systems and applications that need to be secured.
  2. Implementation: Configure the systems with the security benchmarks. Make sure all settings are applied correctly and test the configurations thoroughly to ensure they do not negatively impact functionality.
  3. Documentation: Document all configurations and exceptions. Keep a detailed log of all changes and the reasons for them.
  4. Awareness: Inform your staff about the new security measures and make sure they are aware of security best practices.
  5. Maintenance: Implementing the security benchmarks is a continuous process, so it is important to implement new versions of the benchmarks and to apply available benchmarks to new applications.
  6. Evaluation: Regularly evaluate the effectiveness of the implemented benchmarks and look for opportunities for improvement.
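
The exception tracking described under Implementation and the documentation and evaluation steps above can be checked mechanically. The following is an added example, not part of the original article or any CIS tooling: it reconciles a benchmark baseline, the values exported from a system, and the exception register, and flags temporary exceptions whose review date has passed. All setting names, values, dates and the register layout are constructed assumptions.

```python
from datetime import date

# Constructed sample data: setting names, values and dates are illustrative
# assumptions, not taken from any CIS Benchmark document.
BASELINE = {  # setting -> value the chosen benchmark profile requires
    "MinimumPasswordLength": 14,
    "LockoutThreshold": 5,
    "SMB1Enabled": 0,
    "RemoteAssistanceEnabled": 0,
}
ACTUAL = {  # setting -> value exported from the system under review
    "MinimumPasswordLength": 14,
    "LockoutThreshold": 10,
    "SMB1Enabled": 1,
    "RemoteAssistanceEnabled": 1,
}
# Exception register: one row per documented deviation.
# review_by=None marks a permanent exception; a date marks a temporary one.
EXCEPTIONS = [
    {"setting": "LockoutThreshold", "allowed": 10,
     "reason": "service desk capacity", "review_by": None},
    {"setting": "SMB1Enabled", "allowed": 1,
     "reason": "legacy scanner until replaced", "review_by": date(2024, 3, 1)},
]

def reconcile(baseline, actual, exceptions, today):
    """Classify every baseline setting into one of five states."""
    register = {e["setting"]: e for e in exceptions}
    report = {}
    for setting, required in baseline.items():
        value = actual.get(setting)  # None = setting missing from the export
        exc = register.get(setting)
        if value == required:
            # An exception that is no longer needed should be removed.
            report[setting] = "stale-exception" if exc else "compliant"
        elif exc is None or value != exc["allowed"]:
            report[setting] = "undocumented-deviation"
        elif exc["review_by"] is not None and exc["review_by"] < today:
            report[setting] = "exception-overdue"
        else:
            report[setting] = "exception-active"
    return report

if __name__ == "__main__":
    result = reconcile(BASELINE, ACTUAL, EXCEPTIONS, date(2024, 6, 1))
    for name, state in result.items():
        print(f"{name:28} {state}")
```

Settings reported as `undocumented-deviation` or `exception-overdue` are the ones to resolve first: either bring the system back to the baseline or record and renew the exception.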

Conclusion

Implementing security benchmarks offers numerous benefits, from improved security and consistency to compliance and cost savings. By following these best practices, organizations can better protect their systems and adopt a robust security posture. If you have any questions following this article or need assistance, please feel free to contact us.