Products & Solutions
The Security Configuration Benchmarks are distributed free of charge in PDF format to propagate their worldwide use and adoption as user-originated, de facto standards. The CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
The Benchmarks are:
- Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
- Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
- Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.
Available to CIS Security Benchmarks Members
In the Downloads section of the CIS Security Benchmarks Member Web site (registered account information required), members will find:
- CIS-CAT which tests a target systems for conformance with Benchmarks encoded in XCCDF. CIS-CAT provides IT and security professionals with a fast, detailed assessment of target systems' conformance with CIS Benchmarks. CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security controls and processes.
- CIS Pre-configured Hardened Virtual Images CIS has hardened virtual machine images in the AWS Elastic Compute Cloud (EC2) computing environment. CIS benchmarks-hardened virtual machine templates, known as Amazon Machine Images (AMIs) in the AWS EC2 cloud, are configured according to the applicable CIS benchmarks.
- Word/Excel Versions of the CIS Benchmarks
- Automated remediation kits for implementing and assessing Benchmark guidance. The content allows you to automatically apply the recommended settings for a particular benchmark.
- Information about the Benchmarks, Metrics, and Assessment Tools
- 111 (Auto-populates via J-SON) Benchmark documents in PDF
- 28 Security Metric Definitions in PDF can be used across organizations to collect and analyze data on security outcomes and process performance.
- CIS Controls are especially relevant because they are based on actual attack data pulled from a variety of public and private threat sources.
- Crosswalk- CIS maps its Benchmarks to two leading security guidelines: the Critical Security Controls for Effective Cyber Defense and the Australian Signals Directorate's (ASD) Strategies to Mitigate Targeted Cyber Intrusions. The CIS mapping provides a "crosswalk" - a comprehensive and prioritized blueprint of CIS Benchmarks for organizations to leverage to help accomplish the corresponding security guidelines' recommendations.