What are CIS benchmarks?

A CIS Benchmark is a meticulously crafted, comprehensive set of security configuration guidelines for a specific technology. Developed by the Center for Internet Security (CIS), these Benchmarks are key to enhancing an organization's ability to prevent, detect, and respond to cyber threats. When used in conjunction with basic cyber hygiene measures, CIS Benchmarks are designed to safeguard these various technologies against cyber threats.

CIS Benchmarks represent security best practices. They include tailored advice for different platforms, from operation systems to cloud services. The guidance is informed by input from a broad range of experts, ensuring relevance and practicality. They are also adjusted regularly to keep pace with evolving cyber threats.

Categorization of CIS Benchmarks

CIS Benchmarks are organized into categories based on the type of technology they address. This categorization helps organizations focus on relevant Benchmarks for their specific systems and platforms. The CIS Benchmark categories are as follows:

• Cloud providers, including AWS, Azure, and Google Cloud
• Desktop software, including Microsoft Office and Zoom
• DevSecOps tools, covering software supply chain security with GitHub
• Mobile devices, featuring Apple iOS and Google Android
• Multi-function print devices
• Network devices, including various Cisco devices and Juniper OS
• Operating systems, including Windows, macOS, and various flavors of Linux
• Server software, including Apache Tomcat, Docker, MongoDB, and NGINX