Implementing CIS Benchmarks
Has anyone had any experience in the initial implementation of CIS Benchmarks? What was your justification? How did you recommend it to management?
Comments
-
yoba222
Member Posts: 1,237 ■■■■■■■■□□
In my experience sometimes it breaks stuff. The control items that break stuff are argued about and usually exempted.
This the backwards way of doing things. The OS should have had the benchmark applied to a golden baseline image to begin with, before readying the OS for a production environment.
Justification? Equifax, Target, Sony, ...A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP