
Catch Configuration Drift with Regular Configuration Assessment

Hardening an environment starts with the good intention of solid cybersecurity. System hardening is the process of applying configuration settings that are recognized to minimize the system’s vulnerabilities to cyber and denial-of-service attacks. Fully hardening a server environment can require hundreds of configuration changes. Typical changes include enabling secure password policies, disabling unnecessary services, and configuring user rights assignments.

Over time, as new software is installed, settings are modified, and other changes are made to systems, these once-hardened environments may become vulnerable to exploitation by cyber criminals. These changes can undo the security settings that were originally configured. This shift away from a hardened environment is known as configuration drift and can occur in both cloud-based and on-premises environments.

Thankfully, there are tools available, such as CIS-CAT Pro Assessor, that can automate the assessment and implementation of secure configuration settings. CIS-CAT (CIS Configuration Assessment Tool) assesses a target system’s configuration settings and compares them to the recommendations in the CIS Benchmarks, which are secure configuration settings for servers, operating systems, mobile devices, and more. Manually reviewing each configuration check can take hours, whereas running CIS-CAT Pro Assessor takes just a few minutes. Users receive a compliance score from 0 to 100 to easily assess the results.

CIS-CAT Pro is included in CIS SecureSuite® Membership. Membership includes access to CIS-CAT Pro Dashboard, an enhanced application that helps users view their compliance with the CIS Benchmarks over time. CIS-CAT Pro Dashboard also allows users to tag systems or groups of systems and monitor their security over a particular period of time. This is especially helpful when different organizational groups have different security needs, for example PCI or NIST CSF compliance.

By regularly running a configuration assessment tool such as CIS-CAT Pro, organizations can detect changes in system settings and avoid configuration drift – thus improving their overall cybersecurity posture. Combined with CIS-CAT Pro Dashboard, remediation kits, full-format CIS Benchmarks and more, CIS SecureSuite Membership can help create a winning cybersecurity strategy.
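To make the idea of catching drift between assessment runs concrete, the following is an added example, not CIS-CAT code or output. The setting names, expected values, and snapshots are constructed, and the score is a simple pass percentage assumed for illustration, not the CIS-CAT scoring method.

```python
# Added example: drift detection between two assessment runs.
# Setting names and values are constructed samples, not CIS Benchmark
# recommendations and not CIS-CAT output.

BASELINE = {  # hardened target state: setting -> expected value
    "PasswordMinLength": "14",
    "PasswordComplexity": "enabled",
    "TelnetService": "disabled",
    "FtpService": "disabled",
    "GuestAccount": "disabled",
}

def assess(observed):
    """Return {setting: (passed, observed_value)} for every baseline setting.
    A setting missing from the observed state counts as a failure."""
    return {name: (observed.get(name) == want, observed.get(name))
            for name, want in BASELINE.items()}

def score(result):
    """Percentage of checks passed, 0-100 (assumed simple pass ratio)."""
    passed = sum(1 for ok, _ in result.values() if ok)
    return round(100 * passed / len(result))

def drift(previous, current):
    """Settings that passed in the previous run but fail in the current one."""
    return sorted(name for name, (ok, _) in current.items()
                  if previous[name][0] and not ok)

# Constructed snapshots: right after hardening, and some weeks later.
AFTER_HARDENING = dict(BASELINE)
LATER = {
    "PasswordMinLength": "8",        # policy relaxed
    "PasswordComplexity": "enabled",
    "TelnetService": "disabled",
    "FtpService": "enabled",         # re-enabled by a software install
    # GuestAccount is no longer reported at all
}

if __name__ == "__main__":
    first, second = assess(AFTER_HARDENING), assess(LATER)
    print(f"score after hardening: {score(first)}")
    print(f"score later:           {score(second)}")
    for name in drift(first, second):
        print(f"DRIFT {name}: expected {BASELINE[name]!r}, "
              f"found {second[name][1]!r}")
```

Comparing each run against the previous one, rather than looking only at the latest score, points directly at the settings that regressed since the system was hardened.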
