CIS Benchmarks

stryder144 Member Posts: 1,684 ■■■■■■■■□□
Holy moly, folks! I downloaded quite a few of the CIS Benchmarks and started to look through them. I opened the first one, for Windows 10 Enterprise, and nearly choked on my meal...931 pages long! If you've ever read through one of their benchmark documents, you know they don't have a lot of fluff. To say the least, with our upcoming adoption of Windows 10 Enterprise at work, we have our work cut out for us.

Thankfully when I opened the Ubuntu 16.04 LTS I saw that it is a more manageable 297 pages long. I guess I will be spending some time working through the Ubuntu document as it is my go-to OS.
The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia


Comments

  • markulous Member Posts: 2,394 ■■■■■■■■□□
    Yeah, those things are pretty verbose with all the group policies that they cover. Good docs though.
  • E Double U Member Posts: 2,233 ■■■■■■■■■■
    I used to go through the CIS benchmarks for our Cisco equipment at my previous job. I definitely made sure I had some free time put aside for :)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    If you join CIS as a member you can download a pre-compiled GPO with all of the settings baked-in. It's all in one massive GPO, but it's ready to apply, if you've got the money. If you don't have the money, tell your work that they're paying you ?$25? an hour and it's going to take 200 hours to set it all up yourself vs paying less money to buy a 1-year membership with the settings all ready to go.
  • markulous Member Posts: 2,394 ■■■■■■■■□□
    If you join CIS as a member you can download a pre-compiled GPO with all of the settings baked-in. It's all in one massive GPO, but it's ready to apply, if you've got the money. If you don't have the money, tell your work that they're paying you ?$25? an hour and it's going to take 200 hours to set it all up yourself vs paying less money to buy a 1-year membership with the settings all ready to go.
    Sounds great in theory, but 100% compliance with CIS standards isn't feasible for a lot of environments.
  • TacoRocket Member Posts: 497 ■■■■□□□□□□
    Also, one thing to focus on in the CIS benchmarks is that they have levels. Level 1 is stuff for people who don't have full experience with the subject they are working with. Level 2 will need people who understand how the subject (network devices, desktop, server) works.

    I would break it down and proceed by level first. Then it's easier to take on the 931-page PDF.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
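    An added example of the level-by-level approach, not code from this thread or from CIS: a small audit-only POSIX shell script that runs a handful of Level 1-style file checks before a couple of Level 2-style sshd checks and reports findings without changing anything. The specific checks, their assignment to a level, and the file paths are assumptions chosen for illustration; they do not reproduce the benchmark's own recommendations, numbering or scripts. The sshd check only looks at the first uncommented occurrence of a keyword and ignores Match blocks.

```shell
#!/bin/sh
# Illustrative, audit-only helpers for working through a host-hardening
# benchmark one level at a time. Added example, not the CIS benchmark's own
# text or scripts; which check sits at which level is an assumption.

# check_mode FILE MAX: pass if FILE's permission bits are a subset of MAX (octal).
check_mode() {
    file=$1; max=$2
    [ -e "$file" ] || { printf 'FAIL  %s: missing\n' "$file"; return 1; }
    mode=$(stat -c '%a' "$file") || return 1
    # Any bit set in the actual mode but absent from MAX is a finding.
    if [ $(( 0$mode & ~0$max & 07777 )) -eq 0 ]; then
        printf 'PASS  %s: mode %s within %s\n' "$file" "$mode" "$max"; return 0
    fi
    printf 'FAIL  %s: mode %s exceeds %s\n' "$file" "$mode" "$max"; return 1
}

# check_sshd_option CONFIG KEY WANT: sshd honours the first uncommented
# occurrence of a keyword (outside Match blocks), so compare that value.
check_sshd_option() {
    cfg=$1; key=$2; want=$3
    [ -r "$cfg" ] || { printf 'FAIL  %s: not readable\n' "$cfg"; return 1; }
    got=$(awk -v k="$key" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(k) { print $2; exit }' "$cfg")
    lgot=$(printf '%s' "$got" | tr 'A-Z' 'a-z')
    lwant=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
    if [ "$lgot" = "$lwant" ]; then
        printf 'PASS  %s: %s is %s\n' "$cfg" "$key" "$got"; return 0
    fi
    printf 'FAIL  %s: %s is "%s", expected %s\n' "$cfg" "$key" "${got:-<unset>}" "$want"
    return 1
}

# check_no_empty_passwords SHADOW: an empty password field means the account
# can authenticate with no password at all.
check_no_empty_passwords() {
    shadow=$1
    [ -r "$shadow" ] || { printf 'FAIL  %s: not readable (run as root)\n' "$shadow"; return 1; }
    bad=$(awk -F: '$2 == "" { print $1 }' "$shadow")
    if [ -z "$bad" ]; then
        printf 'PASS  %s: no empty password fields\n' "$shadow"; return 0
    fi
    printf 'FAIL  %s: empty password for: %s\n' "$shadow" "$(printf '%s' "$bad" | tr '\n' ' ')"
    return 1
}

# run_level LEVEL [ROOT]: run the checks assigned to one level against files
# under ROOT (default: the running system) and return the number of findings,
# so the script can gate a build or a golden image.
run_level() {
    level=$1; root=${2:-}
    failures=0
    case $level in
        1)  # assumed Level 1: basic file hygiene anyone can verify quickly
            check_mode "$root/etc/passwd" 644 || failures=$((failures + 1))
            check_mode "$root/etc/shadow" 640 || failures=$((failures + 1))
            check_no_empty_passwords "$root/etc/shadow" || failures=$((failures + 1))
            ;;
        2)  # assumed Level 2: service configuration that needs some sshd knowledge
            check_sshd_option "$root/etc/ssh/sshd_config" PermitRootLogin no || failures=$((failures + 1))
            check_sshd_option "$root/etc/ssh/sshd_config" X11Forwarding no || failures=$((failures + 1))
            ;;
        *)  printf 'unknown level %s\n' "$level" >&2; return 2 ;;
    esac
    printf 'Level %s: %d finding(s)\n' "$level" "$failures"
    return "$failures"
}

# Usage: sudo sh audit.sh 1          (then, once Level 1 is clean:)  sudo sh audit.sh 2
#        sh audit.sh 1 /mnt/image    (audit an offline root filesystem instead)
# Nothing runs when the file is only sourced for its functions.
if [ $# -gt 0 ]; then
    run_level "$@"
fi
```

    Run it as root when auditing the live system, since /etc/shadow is not world-readable, or point ROOT at a mounted image to audit a golden build offline. The exit status is the finding count, which is what lets a CI job refuse to promote an image until the Level 1 checks are clean, before anyone spends time on the Level 2 set.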
  • alias454 Member Posts: 648 ■■■■□□□□□□
    Also, you can utilize their CIS CAT tool to run reports of specific benchmarks. You can request to get a time limited demo.
    “I do not seek answers, but rather to understand the question.”