CIS Benchmark Hardening/Vulnerability Checklists
The Center for Internet Security (CIS) is the primary recognized industry-standard source of secure configuration guidance, developing comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms.
Each CIS Benchmark provides prescriptive guidance for establishing a secure configuration posture for your IT infrastructure, including a detailed description and rationale of potential vulnerabilities together with clear auditing and remediation steps. As such, the CIS Benchmarks are the overwhelming choice of auditors worldwide when advising organizations on the adoption of a secure build standard for any governance and security initiative, including PCI DSS, HIPAA, NIST 800-53, SOX, FISMA, ISO/IEC 27002, Gramm-Leach-Bliley and ITIL.
As part of the CIS community, NNT has access to consensus security configuration benchmarks, software, metrics, and discussion forums where NNT is an integral stakeholder in collaborating on security best practices. NNT has leveraged these resources and best practices in our products to measure and improve the security posture of our customers. As of May 2014, NNT Change Tracker has been awarded CIS Security Software Certification for CIS Security Benchmarks across all Linux and Windows platforms, Unix and Database Systems, Applications and Web Servers. See the section below for CIS Benchmark downloads.
Note: NNT is also an Official OVAL Adopter and can equally utilize any 3rd party source of SCAP, OVAL or XCCDF content, for example DISA STIG checklists.
CIS Benchmark documents are available for download below, but why not sign up for a Change Tracker trial and get all the auditing and reporting done automatically in just a few minutes!
CIS Releases New Resources to Further Reduce Cyber Security Risk to Healthcare Systems
Critical Security Controls
Want clarity on what you really need to be doing by way of security best practice in your organization? Left scratching your head for clearer guidance after reading the PCI DSS, NERC CIP, GDPR or any other Governance, Risk and Compliance (GRC) standard? Still confused about what you must do and should do in terms of data protection for your business, and why? NNT recommends the CIS Critical Security Controls as an essential ‘go to’ resource for any data security and compliance professional. Our thanks to the Center for Internet Security for continuing to expand the world’s understanding of cyber security best practices.