Implementing CIS Benchmarks can be daunting because of the sheer number of Controls under each Benchmark, the necessity of assessing whether a Control is appropriate for a given server, and the scale at which these Controls need to be deployed in a modern IT estate.

Any given Benchmark can have dozens or hundreds of Controls. A Control is a specific action: a setting or practice. Each Benchmark contains a specific set of security recommendations called Controls. The Benchmarks define security best practices for platforms from mobile devices to operating systems, network devices, virtualization platforms, and middleware. There are a significant number of published Benchmarks - over 50 as of this writing. The CIS Benchmarks have been adopted by many organizations as the standard to implement.

CIS publishes these recommendations, grouped under Benchmarks, and you can download them for free. CIS is a not-for-profit organization that develops and maintains best practices in relation to cyber security. The days of “trust in the firewall” are long gone; every organization should adopt standard security best practices.

Fortunately there's a well-defined set of standards available: CIS Benchmarks. It's definitely on someone's mind in your organization. If compliance isn't on your radar right now, it should be. Some organizations in high-risk industries require proof of CIS compliance, like government agencies and contractors.
Increased business demands and pressure to reduce costs, especially in the current environment, force IT organizations to address these standards via shortcuts or exceptions that end up being time-consuming, high-risk, and costly.

According to a report from Ponemon Institute, “The average cost for organizations that experience non-compliance problems is $14.82 million, a 45 percent increase from 2011.”

Do You Need CIS Compliance?

Any organization that uses IT, regardless of size or industry, can benefit from CIS compliance. If organizations don't adhere to these standards, they can be charged with hefty fines or, in the worst cases, even jail time.

They’re stuck dealing with the vast number of machines that are outside of compliance and are sometimes forced to manually reconcile exceptions and build out one-off fixes that we all know don't scale. Infrastructure teams I talk to are often struggling to keep up with the last-minute scans sent over by security teams, and coordination becomes a big challenge. Every team has a special server or a benchmark that doesn’t apply, and making sense of it all is difficult. It gets tricky because there are so many rules to enforce and often there are just as many exceptions to keep track of.

Compliance is one of the biggest pains to deal with, but also one of the most important things to get right. Most organizations these days are faced with regulatory standards that must be enforced, which bring both technical and business challenges that are difficult to overcome.
Additionally, some auditors check for CIS compliance and impose restrictions, fines, and other penalties for noncompliance with CIS Benchmarks.

CIS compliance is important because passing an audit is hard - whether you’re in retail, healthcare, finance, or honestly, any industry that values security.

Why is CIS Compliance Important?

CIS compliance is important because it helps strengthen cybersecurity to protect data and IT systems from risk. CIS compliance means establishing baseline configurations to protect systems and data from cyberattacks and other forms of IT risk.

CIS compliance is measured in CIS Benchmarks, which are specific security configurations recommended by the Center for Internet Security. The definition of CIS compliance is the act of meeting cybersecurity standards from the Center for Internet Security (CIS).