How to implement secure configurations more quickly
Secure configurations are a key best practice for limiting an organization’s cyber vulnerabilities. Since systems don’t ship securely, it’s important to review and implement recommended guidance.
Configure systems securely with the CIS Benchmarks
The CIS Benchmarks are secure configuration guidelines covering 100+ technologies for 25+ product vendor families. They are the only consensus-based secure configuration guidelines both developed and accepted by government, business, and academia worldwide. CIS Benchmarks are referenced by other frameworks such as PCI DSS, FISMA, HIPAA, and more.
The Center for Internet Security (CIS) has worked with a global community of cybersecurity experts for 20 years to identify, validate, and promote cybersecurity best practices. The CIS Benchmarks security recommendations are released for free in PDF format to help every organization secure their systems and data.
CIS Build Kits – A helpful implementation tool
While these no-cost resources are great, it can be time-consuming and challenging to implement them manually from a PDF. This is why we’ve developed CIS Build Kits. These automated tools provide IT professionals with the option for both a rapid implementation of CIS Benchmark recommendations, along with confirmation that the implementation has been performed correctly.
CIS Build Kits are automated, efficient, repeatable, and scalable resources. They can be applied via the group policy management console in Windows, or through a shell script in Linux (Unix, *nix) environments. They can be tailored (customized) to an organization’s particular use case. Combined with the use of other CIS SecureSuite resources, Build Kits reduce the time to implement.
3 tips for using CIS Build Kits
Here are three of the most important tips for making sure you successfully use Build Kits:
1. Scan and review CIS Benchmark recommendations - Save time by using CIS-CAT Pro, a configuration assessment tool, to scan your environment. Once complete, review the results. This will help to identify any areas not configured to the CIS Benchmark, allow you to review the data, and help determine any potential impacts of implementing the setting. You can customize them as needed.
2. Use a test environment - Apply CIS Build Kits in a test environment first. Testing first helps you avoid any policy or performance conflicts by modifying the Build Kits to best fit your organization’s environment. Take a look at the ReadMe file within the Build Kit for instructions based on the system as the application will be unique depending on the system involved.
3. Review settings - Before deploying, review the settings once more using CIS-CAT Pro. Be sure to pay attention to the settings noted in each CIS Benchmark that must be applied manually, such as root or admin configurations.
Once you’ve completed these steps you’re ready to deploy in a live environment.
Sample Build Kits
Want to see what Build Kits have to offer? Try a sample CIS Build Kit today and see how easy it is to start secure and stay secure with CIS resources. These sample Build Kits contain a subset of the recommendations within the CIS Benchmark and are not intended to be fully implemented, but rather to provide you a snapshot of what to expect with the full CIS Build Kit. Samples include:
- A sample CIS Build Kit for Microsoft Windows: Group Policy Objects (GPOs) engineered to work with most Microsoft Windows systems that rapidly apply select CIS Benchmark configuration settings to harden workstations, servers, and other Windows computing environments.
- A sample CIS Build Kit for Linux: Custom script designed to harden a variety of Linux environments by applying secure CIS Benchmark configurations with a few simple clicks. The Linux Build Kit evaluates the entire CIS Benchmark and creates a log file that lists the recommendations that will require manual review/remediation.
Membership and more
Complete CIS Build Kits are available to CIS SecureSuite Members as part of their Membership, and can be easily downloaded via CIS WorkBench. More than 50 Build Kits are currently available.
Membership includes access to full-format, machine-readable CIS Benchmarks, the CIS-CAT Pro configuration assessment tool with remote assessment capabilities, creation of custom configuration policy via CIS WorkBench, CIS CSAT Pro for assessing implementation of the CIS Controls, and more.
Become a CIS SecureSuite Member today!