CIS Benchmarks

Developed with our global community of cybersecurity experts, the CIS Benchmarks consist of more than 100 secure configuration guidelines for 25+ vendor product families. They remove the guesswork from safeguarding systems against today's evolving cyber threats.

VIEW ALL BENCHMARKSDOWNLOAD BENCHMARKS

 

The CIS Benchmarks Explained...

The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations' technologies against cyber attacks. Mapped to the CIS Critical Security Controls (CIS Controls), the CIS Benchmarks elevate the security defenses for cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, network devices, and operating systems. They also help organizations demonstrate compliance with components of various industry regulations and frameworks.

Currently, there are more than 100 CIS Benchmarks across 25+ vendor product families that are available through free PDF download for non-commercial use.

Watch video to learn more

Get Involved in the CIS Benchmarks Communities

The CIS Benchmarks Communities are comprised of more than 12,000 IT security professionals who participate in the consensus process to develop secure configuration recommendations. Each of these individuals brings something different to the community development process.

You can volunteer for one (or several) CIS Benchmarks Communities by visiting CIS WorkBench. 

Overview

 

The CIS Benchmarks Explained...

The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations' technologies against cyber attacks. Mapped to the CIS Critical Security Controls (CIS Controls), the CIS Benchmarks elevate the security defenses for cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, network devices, and operating systems. They also help organizations demonstrate compliance with components of various industry regulations and frameworks.

Currently, there are more than 100 CIS Benchmarks across 25+ vendor product families that are available through free PDF download for non-commercial use.

Watch video to learn more

Get Involved in the CIS Benchmarks Communities

The CIS Benchmarks Communities are comprised of more than 12,000 IT security professionals who participate in the consensus process to develop secure configuration recommendations. Each of these individuals brings something different to the community development process.

You can volunteer for one (or several) CIS Benchmarks Communities by visiting CIS WorkBench. 

Features

What Makes the CIS Benchmarks So Unique?

A Consensus Development Process

The CIS Benchmarks are different from other secure configuration guides because they are the product of an ongoing consensus process. Subject matter experts (SMEs), technology vendors, public and private community members, and academics from different industries come together in this process to debate use cases and agree upon secure recommendations.

Here's an overview of what the consensus-development process looks like:

  • Put together an SME volunteer team and make a general call for participation
  • Define the scope of the Benchmark and notify the SME volunteers so that they can help contribute to a draft
  • Invite additional volunteers to review, test, and provide feedback on the draft
  • The SME volunteers and CIS Lead review the feedback and incorporate applicable changes
  • The CIS Lead announces a final review period
  • The CIS team submits the Benchmark for publication
  • After a period of time, the cycle starts again to incorporate new technology updates and other changes into the Benchmark recommendations

CIS Benchmarks Community

Prescriptive Guidance

CIS Benchmarks tell you "why" to take certain hardening measures by breaking down every security recommendation into the following sections:

  • The description summarizes the recommendation.
  • The rationale discusses the importance of the recommendation.
  • The impact frames the security benefit of implementing the recommendation.
  • The audit identifies how you can prove you've implemented the recommendation for an audit.
  • The remediation goes through the actual steps of implementing the recommendation.

How to Use a CIS Benchmark

  • Use a PDF: Anyone can download them free of charge in PDF format for non-commercial use.
  • Through CIS SecureSuite Membership: CIS SecureSuite Members can download the Benchmarks in additional formats such as Word, Excel, and XML via CIS WorkBench. As part of CIS SecureSuite Membership, they can use the CIS Build Kits to automate their hardening efforts across Windows, macOS, and select Linux systems to CIS Benchmarks standards.
  • Launch a CIS Hardened Image: These virtual machine images are hardened in accordance with the CIS Benchmarks.
  • Deploy the Tools of Certified Product Vendors: CIS SecureSuite Product Vendor Member tools provide certified offerings for configuration, assessment, and remediation of CIS Benchmarks content.
Since we switched over to a standardized CIS Benchmark, it’s easy for us to give the auditor the data and say: We’re using CIS, and these devices are going to be compliant with that because we implement the CIS Benchmarks through group policy. If we fall in alignment with these configuration standards, it just clearly makes sense that it could really lighten the workload on the team of the State of Minnesota. I’m really impressed [by] the value you get with CIS. It’s huge.
Terry Seiple
State of Minnesota Security Architect

Ready to Get Started?

The security guidelines of all CIS Benchmarks are available free of charge in PDF format for non-commercial use.

View All CIS Benchmarks

Benchmarks FAQSCIS Hardened Images List
CIS Benchmarks

CIS Benchmarks Community

Access CIS WorkBench to join a CIS Benchmarks Community.

Join Us

We Value Your Feedback and Questions

At CIS, we're committed to serving the greater IT security community.

Contact Us Today