CIS Benchmarks communities: Where configurations meet consensus

Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. That’s not the case with the CIS Benchmarks. They’re the only consensus-developed security configuration recommendations both created and trusted by a global community of IT security professionals from academia, government, and industry. There are currently 100+ CIS Benchmarks for various technologies. Some of the most used include web browsers, operating systems, and cloud infrastructure.

The CIS Benchmarks are used by companies from around the world to secure technologies from configuration vulnerabilities such as:

• Open system ports
• Unauthorized root or admin access
• User account control (UAC)
• Unnecessary/unused system services
• Server Message Block (SMB v1.0)

These vulnerabilities are often open doors for malware that can cause serious damage.

Meet the experts

There are over 12,000 professionals in the CIS Benchmarks communities. These volunteers collaborate on CIS WorkBench, an online platform used for developing and sharing security best practices. Creating CIS Benchmark recommendations requires a wide variety of skills. If you have expertise in risk, security, compliance, or technology, and a collaborative spirit, you’re just the kind of person we’re looking for.

Read CIS Benchmarks volunteer profiles

Finding the right role

CIS is always looking for volunteers to join and help develop the CIS Benchmarks. Whether you can commit an hour each week or more, your participation can help shape cybersecurity best practices. Here are some of the roles you can take on as a volunteer in a CIS Benchmark community:

• Technical and Security Subject Matter Expert (SME)
• Technical Writer
• Tester

Technical and Security Subject Matter Expert (SME)

No matter your level of technical or professional experience, there’s a place for you in the CIS Benchmarks communities. If you have expertise in a given technology family and/or in broad security issues and system interactions, the SME role might be a great fit for your skills. SME volunteers might draft a new set of configuration items for a CIS Benchmark. Or, an SME could lead the development of an entire CIS Benchmark document.

Technical Writer

Strong writers or proofreaders are always valued as technical writers. If you have experience communicating technical subjects clearly to a diverse audience (English is the standard language of the CIS Benchmarks) then we encourage you to join! Technical writers will look for spelling errors, unclear wording, and review the format of the documents. This helps ensure clear communication throughout the security recommendations.

Tester

If you’re a volunteer who has access to network devices or specialized hardware, the tester role might be the position for you. Testers often review and comment on technical details of the open discussions or tickets on a particular CIS Benchmark. This helps ensure recommendations are correct when applied and not impacting system.

The day-to-day work of developing the CIS Benchmarks varies. It takes people with all expertise levels to create a document. Every contribution made is valued in the communities. “The best thing is the consensus development of recommendations which draws on the experience and expertise of the worldwide technology community,” says volunteer Nancy Hidy Wilson.

Why volunteer?

CIS Benchmarks community members enjoy collaborating and networking with thousands of cybersecurity experts from around the globe. In addition to the warm-and-fuzzy feeling you get from helping secure the connected world, you’ll be providing real security for real threats. Here are a few communities which are currently seeking participants:

• Google Kubernetes Engine
• Google Cloud Computing – Container-Optimized OS Benchmark
• IBM AIX
• Microsoft Windows
• EMS Gateway
• Windows Server 2022
• Windows 11
• Windows 10 21H

Besides helping stop cyber threats, volunteers can also receive CPEs (Continuing Professional Education credits) and be recognized for major contributions to CIS Benchmarks within the documentation. Not to mention, bragging rights to your friends and family about the intricacies of FIPS encryption configuration!

How to get involved

Some of the specific technologies CIS is currently working to secure include Microsoft Windows (Workstation and Server) and all flavors of Linux, as well as mobile devices, cloud systems, hypervisors, and networking equipment. You can join the CIS Benchmark communities anytime! Simply register on CIS WorkBench. It’s free to join and contribute to the CIS Benchmarks development. Whether you focus on technical configurations, risk management, or cyber defenses, there’s a place for you. Come spend an hour or two each week networking and collaborating on security best practices. Learn more at the link below and join the discussion today.