AWS SecurityJan Kahmen8 min read

CIS Benchmark - for Highest Cloud Security

CIS Benchmarks are among the best practices you can use to configure a target system securely.

Table of content

What does CIS Benchmark mean?

CIS benchmarks are among the best practices you can use to configure a target system with confidence. They therefore support you in making your IT systems, networks, software as well as cloud infrastructure secure.
In the meantime, the CIS Benchmark is available for numerous providers in different product families. They currently address seven core technology categories. What they have in common is that they develop a global community of cyber security experts. This global collaboration helps to ensure that individual security best practices can be continually identified, refined and validated.

CIS - the Center for Internet Security

Since many areas have increasingly shifted to cyber space, the demands on cloud security have increased. For this reason, a non-profit organisation was founded as early as October 2000 to deal with these security aspects: The Center for Internet Security. This is an international IT community that works to implement best practice solutions for your security. This includes identifying, developing and validating these solutions so that they can support you in your cyber defence.

How a CIS Benchmark is Developed

Every CIS benchmark starts with defining its scope. Within this scope, initial working drafts are discussed, created and tested. In the further course of the process, the discussion threads are uploaded via the associated community website. In this way, experts worldwide have the opportunity to continue the dialogue and make further recommendations. The aim is to reach a consensus within the CIS benchmark community. Only then may the final CIS Benchmark be published.

This is how CIS Benchmarks are Organised

CIS benchmarks receive their configuration recommendations at two different profile levels.
The first level are the so-called Level 1 benchmark profiles. They cover the basic configuration that you can easily implement. The advantage of this is that these recommendations have a minimal impact on your business functionality.
Level 2 benchmark profiles, on the other hand, are suitable for high-security environments. This means that once you want to implement them, significantly more coordination and planning is required. Otherwise, they cannot be implemented into your system with minimal disruption.
These two profile levels exist for each of the seven core categories of the CIS Benchmarks.

Operating Systems

They include the security configurations of your core operating systems, i.e. Apple OSX, Linux or Microsoft Windows. This also includes best practice policies for access restrictions, user profiles as well as internet browser configuration. This is a CIS benchmark, which is an important basis for your system hardening. The same applies to your database hardening. Make sure that all configurations fit your IT compliance.

Cloud Providers

These benchmarks look at security configurations for cloud providers. These include Amazon Web Services, Google, IBM and Microsoft Azure. In addition, they include guidelines for IAM and other security measures.

Desktop Software

In this CIS Benchmark, you will get recommendations on how to configure commonly used software applications. These include the most common Internet browsers on the one hand, and the Exchange Server and Microsoft Office on the other. Since this CIS Benchmark focuses on data protection, it is important for your database hardening. Again, best practices should go hand in hand with your IT compliance.

Mobile Devices

Mobile operating systems such as iOS and Android are important components of your cloud security. External access makes it necessary to check and secure all privacy configurations, app permissions and developer settings. After all, your cloud security depends not only on your on-premises system hardening, but on all your comprehensive security measures.

Multi-function Printers

The CIS Multifunction Printer Benchmark ensures that your multifunction printers are secure in office environments. This includes regular firmware updates, wireless access configuration, but also file sharing.

Network Devices

For your network devices, you need both manufacturer-specific and general guidelines for security configuration. The CIS Benchmark provides you with these.

Server Software

To keep your server software secure, the CIS Benchmark for Server Software offers you different best practices. It covers API server settings, server administration controls as well as memory constraints for common server software.

These are the Advantages of the CIS Benchmark

The CIS Benchmark offers you numerous advantages. Although you are not obliged to follow it, it can support your decisions regarding configuration management.
It is the collective knowledge of global cybersecurity expertise.
It helps you implement digital transformation strategies securely.
They contain regularly updated step-by-step guides that are suitable for every area of your IT infrastructure.
The configurations are efficient, sustainable and easy to implement.
They promote consistency in your compliance management.
By the way: Even if you take advantage of the CIS Benchmark in your company, you should not do without a penetration test. It helps you to identify existing vulnerabilities and security gaps.

CIS Hardened Images for Cost-Efficient Computing

In case you want to perform computing operations cost-efficiently, CIS additionally offers you pre-configured hardened images. The advantage is that you do not have to invest in additional software or hardware. At the same time, such a hardened image is significantly more secure than a standard virtual image. In this way, you limit your security gaps and protect yourself simply and effectively against cyber attacks.
CIS Benchmark and IT compliance
The CIS Benchmark is strongly oriented towards the regulatory framework for data protection and security. If regulations such as the NIST Cybersecurity Framework apply in your company, you can integrate the benchmark without hesitation. The same applies to HIPP, PCI DSS or ISO/EIC 2700. The CIS Benchmark makes it easier for you to maintain your IT compliance.

Frequently Asked Questions about the CIS Benchmark

Many companies have little familiarity with the CIS Benchmark. Therefore, questions often arise that you may want to clarify before improving your cloud security.

How often are the Benchmarks Updated?

How often the experts publish new benchmarks or update old benchmarks depends on the community. The technology they are supposed to support also influences this. Therefore, there is no fixed schedule.

What is the Format of the CIS Benchmark?

The benchmark uses the free PDF format. In addition, you can obtain it in other formats such as Word, XML or Excel.

What if there is an Error in the Benchmark?

If there are discrepancies in a CIS benchmark, you should inform the community. Such discrepancies happen and it is important to improve them. Maintaining documents after they have been released is an integral part of the CIS Benchmark Lifecycle.

Do all Configurations need to be Made?

The benchmark contains sensible configurations through which you can increase the security in your IT infrastructure. However, they do not have to be implemented if they cannot be realised in your company.

Conclusion - CIS Benchmarks are Useful for Cloud Security

For your cloud security, the CIS benchmark is an important step in the right direction. It helps you achieve your IT compliance regulations and keep your systems consistently secure. Although you do not have to use the suggested configurations, they increase your security immensely. Combined with regular security checks and the penetration test, you benefit from a secure environment for your business


Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: