Customize CIS Benchmarks with New Tailoring Feature in CIS WorkBench
CIS SecureSuite® Members can now customize CIS Benchmarks™ within the CIS WorkBench platform. This added flexibility will help users tailor security recommendations to their specific organizational needs.
Why Customize CIS Benchmarks?
Each CIS Benchmark contains hundreds of recommended security settings for configuring a specific technology. From operating systems to servers to mobile devices, the CIS Benchmarks provide consensus-based guidance to help lock down and secure various machines. However, in some cases, a particular benchmark recommendation may not fit with an organizational or compliance-based requirement.
For example, let’s say the recommended minimum password length required by the CIS Benchmark for your operating system is 12 characters, but your Chief Information Security Officer has decided that company policy should require a minimum password length of 20 characters instead. You can now tailor the CIS Benchmark configuration check to require a minimum 20-character password instead of 12.
How to tailor a CIS Benchmark
The latest update to CIS WorkBench makes customizing a CIS Benchmark easier than ever. Simply:
- Go to a published CIS Benchmark within CIS WorkBench;
- Click the “fork” option on the left; and
- The custom version of your CIS Benchmark will be displayed on the navigation list on the left
You can export a customized benchmark in Word and Excel formats, with additional formats (OVAL, XCCDF, etc.) available for some CIS Benchmarks. OVAL and XCCDF formats are both required for use in CIS-CAT Pro.
Customized benchmarks and updates
CIS regularly updates the CIS Benchmarks to account for new security recommendations and implement bug fixes. So what happens to a custom CIS Benchmark when updates are available?
- You’ll see a “new changes available” message on the benchmark screen in CIS WorkBench
- You can ignore this, or click to apply the update
- If you do apply the update, it will overwrite any tailoring you have done
- Once you’ve applied the update, you can review each change by highlighting the differences in CIS WorkBench and accept or reject each difference
Detailed documentation about CIS Benchmark customization is available in CIS WorkBench under “Help.”