What’s it like to be involved in a CIS Benchmark community?
Communities are at the heart of everything CIS does – from MS-ISAC Workgroups focusing on SLTT-centric solutions to international communities refining the CIS Controls and CIS Benchmarks. What’s it like to participate in a CIS Benchmark community? In this blog post, we’ll share some of the ways you can share your expertise and network with other information security experts in the communities drafting configuration guidelines on CIS WorkBench.
Most people contributing to the CIS Benchmarks communities take on one or more of these roles:
- Author — Creates an initial benchmark draft and presents it to the community for review. The author incorporates feedback into the draft and leads the consensus discussion process.
- Contributor — Takes an active role in the community by providing content, reviewing evolving drafts, and providing feedback / approval through discussions, surveys, or periodic teleconferences.
- Reviewer — Reviews draft content for syntax, grammar, aesthetic, and readability issues. Reviewers usually approve CIS Benchmark content through discussions or surveys.
- Maintainer — Reviews content and works with the CIS Benchmark community to correct any defects (such as omissions, superfluities, or formatting errors) in the content.
Some community members also elect to be CIS Benchmark editors. Editors work in groups to apply their subject matter expertise to each CIS Benchmark, ensuring that configuration guidelines are always up-to-date. We aim for three editors per benchmark, and provide CPE (Continuing Professional Education) credits based on time and commitment needed to maintain excellent benchmark guidance quality.
So, what kind of conversations take place in a CIS Benchmark community? Discussions center around specific configuration guidelines for a particular technology. Topics frequently include:
- SSH protocols
- Password requirements
- Enabling/disabling ports
- Default plugin settings
- Remote access authentication requirements