The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
CIS Members site

Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!

 Benchmarks/Tools
CIS Level 1 Benchmark for Virtual Machines - Click Here to Download Them
- FAQ - The Benchmarks
October 18, 2007:

The CIS Benchmarks for securing Virtual Machines and securing VMWare ESX Server 3.x, and the do-backup.sh and filelist files referenced by the benchmarks, are now available.
The Download Files Include:
  • CIS_VM_Benchmark_1.0.pdf - This document contains general guidelines for securing virtual machines.
  • CIS_VMware_ESX_Server_Benchmark_1.0.pdf - This document contains guidelines for securing VMware ESX Server 3.x machines.
  • do-backup.sh - The backup shell script referenced by the ESX benchmark.
  • filelist - The filelist referenced by the ESX benchmark (a text file).
    		•
    What is the Benchmark?
    The Benchmark is a compilation of security configuration actions and settings that "harden" Virtual Machines.  It recommends Level 1 Benchmark guidance, representing the prudent level of minimum due care for operating system security.

    Level 1 Benchmark settings/actions:

    • Can be understood and performed by system administrators with any level of security knowledge and experience;
    • Are unlikely to cause an interruption of service to the operating system or the applications that run on it; and
    • Can be automatically monitored either by CIS Scoring Tools or by CIS Certified tools available from security software vendors.  CLICK HERE for a roster of commercially available
      CIS-certified software tools.  
    CLICK HERE to see a 09/06/07 Information Week article on the CIS Benchmark for Virtual Machines.
    CLICK HERE to see a 09/05/07 Computerworld article on the CIS Benchmark for Virtual Machines.
    CLICK HERE to see a 09/05/07 Dark Reading article on the CIS Benchmark for Virtual Machines.
    Share Your Feedback
    We value your feedback, which may be used both to update the Virtual Machine Benchmark's security configuration recommendations.  Please direct your feedback to:
    The CIS Feedback Email Address
    Please direct other feedback to:
    Dave Shackleford, Vice President
    For more information about the CIS consensus process and the benchmarks, go to What are the Benchmarks? and FAQ - The Benchmarks.  
    Updates to the Benchmark and Tool
    The CIS Level 1 Benchmark for Virtual Machines is updated periodically. Continuous feedback from CIS Members and other users assures that the consensus standard of minimum due care is always reflected in the recommended settings.

    Revision histories can be found in the benchmark documents.  One of the benefits of Center Membership is electronic notification when updates become available.

    Click Here for more information about membership.  If your organization is not a member of the Center, visit this website periodically to assure that you are using the latest version of the Virtual Machines Benchmark.

    Click Here to see what Members say about The Center for Internet Security.

    DOWNLOAD the CIS Level 1 Benchmark for Virtual Machines



    Logo and Design by Keiler
    © 2005, the Center for Internet Security.