CIS Benchmarks™ FAQ
What are CIS Benchmarks?
CIS Benchmarks are best practices for the secure configuration of a target system. There are more than 100 CIS Benchmarks across 25+ vendor product families, developed through a unique consensus-based process involving cybersecurity professionals and subject matter experts around the world. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
How are CIS Benchmarks developed?
The initial benchmark development process defines the scope of the benchmark and begins the discussion, creation and testing process of working drafts. Using the CIS WorkBench community website, discussion threads are established to continue dialogue until a consensus has been reached on proposed recommendations and the working drafts. Once consensus has been reached in the CIS Benchmark community, the final benchmark is published and released online.
CIS Benchmarks are free to download in PDF format, with additional file formats (XCCDF, Word, etc.) available to CIS SecureSuite Members.
Please do not hesitate to join in on community discussions, become a volunteer to lead the development of a new benchmark via CIS WorkBench, or submit a ticket via our support portal to provide feedback.
How often are new benchmarks or new versions of older benchmarks released?
Keeping up to date on new CIS Benchmark releases is easy! Monthly emails are distributed announcing new benchmarks and updates to existing benchmarks that have been released. To sign up for these emails, log in to CIS WorkBench (registration is free) and click on the “receive newsletter” checkbox within your profile.
Please note that the CIS Windows Benchmarks will always cover the latest Windows build version within 90 days of a new Windows version release. Regardless of which version you are using, the CIS Benchmark is designed to be used with all build versions up to that most recent version. This update will save you the time and confusion of needing to look up CIS Windows Benchmarks with specific build numbers.
Want to track a benchmark’s development? Each community within CIS WorkBench allows the user to view milestones associated with a particular CIS Benchmark to show where it stands in the development and update process.
Configuration Profiles and Formats
What are the Level 1, Level 2, and STIG Profiles within a CIS Benchmark?
Most CIS Benchmarks include multiple configuration profiles. A profile definition describes the configurations assigned to benchmark recommendations.
The Level 1 profile is considered a base recommendation that can be implemented fairly promptly and is designed to not have an extensive performance impact. The intent of the Level 1 profile benchmark is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.
The Level 2 profile is considered to be “defense in depth” and is intended for environments where security is paramount. The recommendations associated with the Level 2 profile can have an adverse effect on your organization if not implemented appropriately or without due care.
The STIG profile replaces the previous Level 3. The STIG profile provides all recommendations that are STIG specific. Recommendations that overlap with other profiles, i.e. Level 1 and Level 2, are present in the STIG profile as applicable.
Every recommendation within each CIS Benchmark is associated with at least one profile. Regardless of which level profile you plan to implement in your environment, we recommend applying CIS Benchmark guidance in a test environment first to determine potential impact.
What formats are CIS Benchmarks available in?
CIS SecureSuite Members can also download CIS Benchmarks in additional formats via CIS WorkBench, such as Word, Excel, XML, etc.
Discrepancies and Notifications
What if I find a dispute in the Benchmark or disagree with a setting?
First and foremost, please let us know! We thrive on the feedback from those who are entrenched in using and implementing our benchmarks. Any discrepancies in CIS Benchmark content provide us an opportunity to improve.
An integral component of the CIS Benchmark lifecycle is maintenance once the benchmark has been released. The maintenance process includes reviewing tickets and discussion threads that have been assigned to that benchmark since its release. If the content within the tickets and discussion threads is deemed applicable to the CIS Benchmark, the revisions or updates will be integrated into the next release of the CIS Benchmark. You can create a ticket or begin a discussion thread by logging into CIS WorkBench (registration is free), joining a particular CIS Benchmark community, and navigating to the Community Dashboard menu listing on the left.
Why am I receiving a 404 error when attempting to download a Benchmark from CIS WorkBench?
In order to download a CIS Benchmark from CIS WorkBench, you will need to join the CIS WorkBench community for that particular benchmark. To join a community, simply log in to CIS WorkBench (registration is free), select the “Communities” tab on the top menu bar and select your community of interest. Upon navigating to the community dashboard, select “Join”.
If you continue to experience a 404 error despite being a member of that CIS Benchmark community, please contact us via the support portal.
I have an account on CIS WorkBench and am an active participant in the communities. How do I manage the email notifications received from the site?
Thanks for participating! To manage your preferences and notifications, select your user profile in the upper right corner of the top menu bar and click on your username in the drop-down below. This selection will navigate to your personal CIS WorkBench page. From here, click on “Subscription Preferences” in the left-hand menu. The Subscription Preferences page will allow you to customize your interaction with the platform to your liking.