Assess, Remediate, and Implement with CIS SecureSuite
The world is becoming increasingly reliant on technology, and a strong cyber defense program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those that have moved to fully remote or hybrid work environments during the COVID-19 pandemic. Add to the mix limited resources and limited talent geared towards cybersecurity, and the challenges can seem overwhelming.
Over the next several weeks, a series of blog posts will explain what you need to know to assess, remediate, and implement security best practices at scale. It all starts with three key elements of a strong cybersecurity program:
- Assessing your organization's current cybersecurity program and its prioritization
- Remediating endpoints at scale, bringing them into compliance with security best practices
- Implementing cybersecurity policies and monitoring them to stay in compliance
Know Where You Stand: Assess Your Organization's Current Cybersecurity Posture
Taking the first step toward better cyber hygiene means understanding where your organization is now. Conduct an honest assessment of your strengths and weaknesses in order to prioritize where to focus your efforts. The challenge here is finding the right bar to measure yourself against. There are several frameworks out there that will do the job, but it can be daunting to figure out which one is the best for your situation, especially if this is the first time you're doing an assessment. Starting with the CIS Controls and CIS Benchmarks as your standard can help you take the guesswork out of your assessment and provide peace of mind that you're covering all of your bases.
Here's what makes these two sets of best practices especially useful:
- They tell you the "what" and the "how": Many of the other frameworks tell you what you should do, but not how to do it. CIS best practices give you both.
- They are comprehensive and consensus-based: CIS best practices are developed in collaboration with a global community of cybersecurity experts. They're also data-driven, as explained in the Community Defense Model.
- They are mapped to other industry regulatory frameworks: CIS best practices have been mapped to or referenced by several other industry regulatory requirements, including NIST, FINRA, PCI DSS, FedRAMP, DISA STIGs, and many others. This means you can get the proverbial "two birds with one stone" by assessing against CIS best practices, saving you time and money.
The CIS Controls are a prioritized and prescriptive set of safeguards that mitigate the most common cyber-attacks against systems and networks. The CIS Benchmarks are more than 100 configuration guidelines across 25+ vendor product families to safeguard systems against today’s evolving cyber threats. Both are available as free PDF downloads to help you get started.
One of the challenges in applying any best practice framework is dedicating the time and resources to do the work. CIS has developed tools and resources to help automate and track the assessment process. The CIS Controls Self Assessment Tool (CIS CSAT) helps organizations assess the implementation of the CIS Controls, while the CIS Configuration Assessment Tool (CIS-CAT Pro Assessor) scans target systems for conformance to the CIS Benchmarks. CIS-CAT Pro Assessor allows you to move more quickly toward analyzing results and setting a strategy to remediate your gaps.
Remediate Endpoints at Scale
CIS resources and tools can help you move toward compliance with best practices by identifying and remediating the gaps. CIS-CAT Pro Assessor, for example, produces reports highlighting system conformance to the CIS Benchmarks. Once you understand where your gaps are and how to fix them, you can use CIS Build Kits to achieve compliance at scale. CIS Build Kits are automated, efficient, repeatable, and scalable resources for rapid implementation of CIS Benchmark recommendations.
Implement Cybersecurity Policies and Monitor for Compliance
Creating strong policies and monitoring conformance helps ensure that an organization is working toward a more secure environment. Regularly monitoring conformance over time is critical. It helps you avoid "configuration drift" away from secure configuration, and helps identify any new issues quickly. CIS tools can help monitor conformance and identify gaps.
CIS-CAT Pro Dashboard provides a graphical interface for viewing CIS Benchmark conformance assessment results over time. Similarly, CIS CSAT Pro allows an organization to monitor implementation of the CIS Controls over time.
Do It All with a CIS SecureSuite Membership
CIS’s primary mission is to make the connected world a safer place. Any organization can start improving cyber hygiene by downloading the best practices for free at cisecurity.org. Get the most out of the best practices by signing up for a cost-effective CIS SecureSuite Membership. You'll get access to Pro versions of our tools, the ability to customize CIS Benchmarks, CIS Build Kits, access to a network of cybersecurity professionals and industry experts, and much more.
Sign Up Now and Save Up To 20%
You don't have to go it alone. A cost-effective CIS SecureSuite Membership can be both an instant solution to your immediate security needs, as well as a long-term resource to help you and your organization grow while remaining secure. It is an effective way to assess, remediate, and implement a strong cybersecurity program. Sign up with promo code CIS-2021 by April 30, 2021 and receive a discount of up to 20% on your new Membership.
Attend our CIS Benchmarks Demo Webinar. Leverage the tools and resources included in CIS SecureSuite Membership to effectively implement the CIS Benchmarks.