Skip to main content

Center for Internet Security (CIS)

The Center for Internet Security (CIS) is a non-profit that provides tools and recommendations to help with security improvements. These standards are a good basis for security and in some cases are included in other frameworks as recommendations for best practice. These best practices are separated into CIS Controls and CIS Benchmarks which can be accessed through https://www.cisecurity.org/cybersecurity-best-practices/

CIS Controls

The CIS Controls provide an audit framework for cybersecurity best practices. This provides a guide to walk through foundational actions that will eliminate most common attacks. These controls are not currently included in any form within this portal although are planned to eventually be added into reporting.

CIS Benchmarks

CIS Benchmarks are configuration guidelines for various technology groups designed to aid against evolving cyber threats. These benchmarks can be accessed through https://www.cisecurity.org/cis-benchmarks/

Implementation in the portal

The CIS benchmarks are continually being added into the portal for use. If a benchmark exists for a configured application then an option to apply CIS Benchmarks exists as an alternative method for applying policy controls in the portal.

Limitations

The CIS Benchmarks have been implemented with the following notes:

  • Benchmark items that are not able to be validated programmatically (e.g. Contact person kept up to date) are not included
  • Not all benchmark items are implemented as policies
  • Reports provide coverage for some benchmark items
  • Custom benchmark settings are not currently available