CIS Benchmarks Communities: Where Configurations Meet Consensus
Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. That’s not the case with the CIS Benchmarks. They’re the only consensus-developed security configuration recommendations both created and trusted by a global community of IT security professionals from academia, government, and industry. There are currently 100+ CIS Benchmarks for various technologies. Some of the most used include web browsers, operating systems, and cloud infrastructure.
The CIS Benchmarks are used by companies from around the world to secure technologies from configuration vulnerabilities such as:
- Open system ports
- Unauthorized root or admin access
- User account control (UAC)
- Unnecessary/unused system services
- Server Message Block (SMB v1.0)
These vulnerabilities are often open doors for malware that can cause serious damage.
Meet the experts
There are over 12,000 professionals in the CIS Benchmarks communities. These volunteers collaborate on CIS WorkBench, an online platform used for developing and sharing security best practices. Creating CIS Benchmark recommendations requires a wide variety of skills. If you have expertise in risk, security, compliance, or technology and a collaborative spirit, you’re just the kind of person we’re looking for.
Finding the right role
CIS is always looking for volunteers to join and help develop the CIS Benchmarks. Whether you can commit an hour each week or more, your participation can help shape cybersecurity best practices. Here are some of the roles you can take on as a volunteer in a CIS Benchmark community:
- Technical and Security Subject Matter Expert (SME)
- Technical Writer
Technical and Security Subject Matter Expert (SME)
No matter your level of technical or professional experience, there’s a place for you in the CIS Benchmarks communities. If you have expertise in a given technology family and/or in broad security issues and system interactions, the SME role might be a great fit for your skills. SME volunteers might draft a new set of configuration items for a CIS Benchmark. Or, an SME could lead the development of an entire CIS Benchmark document.
Technical Writer
Strong writers or proofreaders are always valued as technical writers. If you have experience communicating technical subjects clearly to a diverse audience (English is the standard language of the CIS Benchmarks), then we encourage you to join! Technical writers look for spelling errors and unclear wording, and review the format of the documents. This helps ensure clear communication throughout the security recommendations.
Tester
If you’re a volunteer who has access to network devices or specialized hardware, the tester role might be the position for you. Testers often review and comment on technical details of the open discussions or tickets on a particular CIS Benchmark. This helps ensure recommendations are correct when applied and do not impact the system.
The day-to-day work of developing the CIS Benchmarks varies. It takes people with all expertise levels to create a document. Every contribution made is valued in the communities. “The best thing is the consensus development of recommendations which draws on the experience and expertise of the worldwide technology community,” says volunteer Nancy Hidy Wilson.
CIS Benchmarks community members enjoy collaborating and networking with thousands of cybersecurity experts from around the globe. In addition to the warm-and-fuzzy feeling you get from helping secure the connected world, you’ll be providing real security for real threats. Here are a few communities which are currently seeking participants:
- Microsoft Windows - draft benchmark updates available for review
- IBM AIX
- IBM Db2
- Apache Cassandra
- Apache Hadoop
- Apache HTTP Server
- Apache Tomcat
Besides helping stop cyber threats, volunteers can also receive CPEs (Continuing Professional Education credits) and be recognized for major contributions to CIS Benchmarks within the documentation. Not to mention, bragging rights to your friends and family about the intricacies of FIPS encryption configuration!
How to get involved
Some of the specific technologies CIS is currently working to secure include Microsoft Windows (Workstation and Server) and all flavors of Linux, as well as mobile devices, cloud systems, hypervisors, and networking equipment. You can join the CIS Benchmark communities anytime! Simply register on CIS WorkBench. It’s free to join and contribute to the CIS Benchmarks development. Whether you focus on technical configurations, risk management, or cyber defenses, there’s a place for you. Come spend an hour or two each week networking and collaborating on security best practices. Learn more at the link below and join the discussion today.
About the Author
CIS Benchmarks Product Owner
Michelle Peterson is currently a Product Owner for CIS Benchmarks. She has been with CIS for nearly 11 years and previously was the Sr. Director of Member Success at CIS. Michelle came into the company at its infancy and has contributed to the growth and success of the membership and the globally recognized configuration guidelines known as the CIS Benchmarks. A strong supporter of community participation and feedback, Michelle regularly works with stakeholders to better understand their needs and plan the development of new and updated versions of the CIS Benchmarks accordingly.