Device and Service Hardening WITH BENCHMARKS FROM CIS AND OTHERS

Device and Service Hardening using NNT’s Change Tracker is the most efficient way to achieve compliance with relevant policies, guidelines and recognized benchmarks. The Center for Internet Security is the primary industry-standard for secure configuration guidance, developing comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms.

Each of the benchmarks developed by the Center for Internet Security provides prescriptive guidance for establishing a secure configuration posture for your IT Infrastructure, including a detailed description and rationale of potential vulnerabilities together with clear auditing and remediation steps. As such, they are the overwhelming option of choice for auditors worldwide when advising organizations on the adoption of a secure build standard for any governance and security initiative. They can be used in addition to guideline provided by PCI DSS, HIPAA, NIST 800-53, SOX, FISMA, ISO/IEC 27002, Graham Leech Bliley or ITIL.

Additional Info

As part of the CIS community, NNT has access to consensus security configuration benchmarks, software, metrics, and discussion forums where NNT is an integral stakeholder in collaborating on security best practices. NNT has leveraged these resources and best practices in our products to measure and improve the security posture of our customers. As of May 2014, NNT Change Tracker has been awarded CIS Security Software Certification for CIS Security Benchmarks across all Linux and Windows platforms, Unix and Database Systems, Applications and Web Servers.

Note: NNT is also an Official OVAL Adopter and can equally utilize any 3rd party source of SCAP, OVAL or XCCDF content, for example DISA STIG checklists.

Benchmark Report Downloads

Many Guidelines and Benchmarks covering hardened devices and services are available from various sources. NNT’s solution do incorporate those from PCI DSS, NERC-CIP, NIST 800-53 / 800-171, CIS, IT Grundschutz (Germany), those based on ISO27002 and others. They can be used to audit enterprise networks and then monitor continuously for any drift from your hardened build standard, to ensure systems stay within compliance 24/7.

As one of a handful of CIS Certified Vendors, NNT has also incorporated a broad range of CIS Benchmarks to check against and provide extensive reporting. Adding to this capability, NNT also provides Windows Audit Policy settings or Linux Audit Policy settings for an easier deployment of hardened device and services. The detailed CIS Benchmarks are available from the Center for Internet Security.

by Platform

Windows Server

2019

Windows Server 2019 Hardened Services Guide
Windows Server 2019 DISA STIG Report
Windows Server 2019 Audit Policy For compliance
Windows Server 2019 PCI DSS Benchmark
Windows Server 2019 NIST 800-53 Benchmark
Windows Server 2019 NIST 800-171 Benchmark
Windows Server 2019 CIS Benchmark*

2012R2

Windows Server 2012R2 Hardened Services Guide
Windows Server 2012R2 DISA STIG Report
Windows Server 2012R2 PCI DSS Benchmark
Windows Server 2012R2 v2-2-0 MS Audit Only L1
Windows Server 2012R2 v2-2-0 DC Audit Only L1
Windows Server 2012R2 ISO27K Benchmark
Windows Server 2012R2 SOX Benchmark
Windows Server 2012R2 NIST 800-171 Benchmark
Windows Server 2012R2 CIS Benchmark*

Windows Desktop

LINUX

RHEL

RHEL 8 CIS Benchmark*
RHEL 7 Hardened Services Guide
RHEL 7 PCI DSS Benchmark report
RHEL 7 CIS Benchmark*
RHEL 6 STIG Viewer Export
RHEL 6 PCI DSS Benchmark report
RHEL 6 CIS Benchmark*
RHEL 5 CIS Benchmark*

Apple

* For use with NNT Change Tracker Gen7 R2

by Compliance

Apple

MS SQL Server
Oracle

MS SQL Server
Oracle

MS SQL Server

Microsoft SQL Server 2019 CIS Benchmark*
Microsoft SQL Server 2016 CIS Benchmark*
Microsoft SQL Server 2014 CIS Benchmark*
Microsoft SQL Server 2012 CIS Benchmark*
Microsoft SQL Server 2008R2 CIS Benchmark*

Cisco

Linux

Database Server

Apple

Unix

Virtualization and Container Servers

General Purpose Operating Systems

HIPAA

ISO27K

NIST 800-53

Microsoft Windows Server 2019

Microsoft Windows Server 2012R2

Cisco

Unix

SOX

The Essential Guide to CIS Controls

Download the Essential Guide to the CIS Controls

Download our CIS Controls Guide to learn more about these critical controls, including:
• What are the CIS Controls?
• CIS Controls categories - basic, foundational and organizational & what percentage of attacks can be prevented by implementing each group
• Which NNT products and services can help you address the twenty CIS Controls

Audit Policy Settings

Recommended Windows Audit Policy settings
Download the GPO template file for direct import and deployment via Active Directory

JUMPSTART YOUR USE OF THE CIS BENCHMARKS!

Applying the CIS Benchmarks to your infrastructure can be a daunting task. For example, the latest benchmark for Windows 10 Enterprise – dated 05-18-2021 – is a 1,287 pages document covering more than 500 individual settings. If you want to check them manually, assuming you need 15 seconds for each, it will take you about 2 hours to verify a single device. Overall, the benchmark documents provided by the Center for Internet Security are detailed and difficult to operationalize.

Jumpstart this operation with a free-to-use, time-limited trial license of NNT’s Change Tracker including a 5 node coverage. This trial includes all CIS Benchmarks like those for Windows 10 and all other Windows Desktop Operating System including XP, for all Windows Server versions (2019, 2016, 2012, and 2008), for all Linux distributions, and for many more applications, devices and cloud instances.

Request your trial license and get an overview of your systems status in less than one hour.

Request your FREE Trial License

Your Personalized Configuration Remediation Kit

NNT is an accredited CIS member and as such we are able to automate and control the provision of all relevant hardening standards including your Microsoft Applications. Within minutes, a full vulnerability assessment can be performed against your IT Assets. Full & automated remediation is provided to make corrective action an easy and straightforward task.
Learn more »

NNT Ransomware Mitigation Kit

NNT, in conjunction with The Center for Internet Security (CIS), provide a comprehensive suite of system hardening templates based on absolute best practices that can be leveraged to ensure all of your systems (workstations included) retain the most appropriate checks designed to harden your environment and protect from Ransomware.
NNT can also provide a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.

Request the FREE NNT Ransomware Mitigation Kit

The Most Powerful & Reliable Cybersecurity Products

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Next Steps

Are you ready to get started in securing your IT environment with
industry-approved foundational controls, intelligent change control and automation?

	Windows 2012 and 2012 R2 MS V2R6 Manual STIG
	Windows 2012 R2 Member Server STIG
	Windows 2012 and 2012 R2 MS V2R6 STIG Viewer Export
	NNT Windows 2012R2 MS STIG

	Windows 2008 R2 MS V1R14 STIG Benchmark NNT
	Windows 2008 R2 Member Server STIG
	Windows 2008 R2 MS V1R20 STIG Viewer Export
	NNT Windows Server 2008 R2 Member Server STIG V1R20 Report Output

	RedHat 6 V1R13 STIG Viewer Export
	NNT RHEL 6 STIG V1R13 Report Output

	MS SQL Server 2016 Database STIG
	MS SQL Server 2014 Instance STIG

	Solaris 10 V1R16 STIG Viewer Output
	NNT Solaris 10 V1R16 Report Output

	Microsoft Outlook 2016 STIG
	Microsoft Excel 2016 STIG
	Microsoft PowerPoint 2016 STIG

	Microsoft Internet Explorer 11 STIG
	Google Chrome Current Windows