Using the CIS Benchmarks for Cybersecurity Control Implementation
The CIS leverages a global community of cybersecurity experts to continue developing its Benchmarks: more than 100 configuration guidelines, across 25+ vendor product families, to safeguard systems against evolving cybersecurity threats. The CIS recently published two new AWS Benchmarks, including updates to its AWS Foundations Benchmark v1.5.0 and a new Bottlerocket Benchmark v1.0.0 (links to access below).
Following a cybersecurity framework is one thing, but implementing the controls and safeguards is another. It's very important to adopt a framework and to have a roadmap and a set of policies, but at the end of the day, the work must be done. Some controls are very easy and straightforward, and many organizations may already have them in place or at least have the tools they need to easily implement the change. But some controls are much more complicated and require advanced knowledge and expertise to configure. Finding guidance on how to properly make these configuration changes can be both time-consuming and costly.
That's where the CIS Benchmarks come in. These are extremely thorough configuration documents that lay out the exact settings required to meet recommended standards and best practices. Not only do these documents provide the detailed settings, but there are also instructions on how to implement them. For example, the Microsoft 365 Benchmark will tell you exactly where to find a particular setting within the Admin Portal, including how to get to the right page, and how to make and apply the change.
There are Benchmarks for all kinds of devices, applications, operating systems and platforms. This includes firewalls, Windows 10 and 11, Windows Server operating systems, Microsoft Office, platforms like Microsoft 365, Azure and AWS, and many others.
I highly recommend you go to the links below to see the full list of all the CIS Benchmarks and download everything applicable to your organization. And I almost forgot to mention, these are FREE! That said, there are paid services that can be very helpful to complement the configuration documents, such as a tool CIS offers to scan your system to validate your settings against the Benchmark.
There are more than 12,000 professionals in the CIS Benchmarks Communities. Creating CIS Benchmarks recommendations requires a wide variety of skills. If you have expertise in risk, security, compliance, or technology, and would like to support the cause, the CIS will welcome you with open arms. You can consider joining the CIS Benchmark Community by checking out the link below.
Review these sources for more information
CIS - Advancing Hardened Systems in the AWS Cloud https://www.cisecurity.org/insights/blog/advancing-hardened-systems-in-the-aws-cloud?sc_camp=012AA007443D43A0AF132C9D374673BB
CIS Benchmarks Community - Join the community and support the cause! https://www.cisecurity.org/communities/benchmarks
CIS Benchmarks - View all of the available Benchmarks here! https://www.cisecurity.org/cis-benchmarks/
CIS Controls - View the latest CIS Controls documentation for Version 8. https://www.cisecurity.org/controls