Implementing CIS Benchmarks

bamahonkybamahonky Member Posts: 52 ■■□□□□□□□□
Has anyone had any experience in the initial implementation of CIS Benchmarks? What was your justification? How did you recommend it to management?


  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    In my experience sometimes it breaks stuff. The control items that break stuff are argued about and usually exempted.

    This the backwards way of doing things. The OS should have had the benchmark applied to a golden baseline image to begin with, before readying the OS for a production environment.

    Justification? Equifax, Target, Sony, ...
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
Sign In or Register to comment.