Versions Compared

Old Version 6

changes.mady.by.user Andrew Dannenberger

Saved on

compared with

New Version Current

changes.mady.by.user Chris Boldiston

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Product Name

CIS Benchmark™

Product Version

Date

Problem

Info

My organization creates custom scripts for automation. Benchmark recommendation numbers that change in new Benchmark versions (e.g., RHEL 7 Benchmark v3.0.1 to RHEL 7 Benchmark v3.1.1) creates the need for labor-intensive editing of scripts. Why do recommendation numbers change in new Benchmark versions?

Solution

Benchmark recommendation numbers change from version to version because some recommendations are removed and some are added. This usually only occurs after lengthy expert debate within the CIS WorkBench community.

So, for example, in CIS Red Hat Enterprise Linux 7 Benchmark v3.0.1, the recommendation number is 5.4.1.1 for "Ensure password expiration is 365 days or less." That version of the Benchmark does not have the section "Configure Sudo". However, CIS Red Hat Enterprise Linux 7 Benchmark v3.1.1 added that section at 5.2 - Configure Sudo. The result of the new section is that the “Ensure password expiration is 365 days or less” section increased to 5.4.1.0 and the recommendation number changed from 5.4.1.1 to 5.5.1.1. Thus, changing recommendation numbers is a necessary byproduct of evolving Benchmark recommendations in new Benchmark versions.

Please see the following Knowledge Base article for information on how to track recommendation number changes in the Appendix section of CIS Benchmark PDFs:

https://cisecurity.atlassian.net/l/c/A0aVxP7U

https://cisecurity.atlassian.net/l/c/Sr1gUAco

Note

Here is a helpful way to think of recommendation numbers: do not think of the number as an identifier, but rather as a organizational indicator. It only has meaning within the confines of a single benchmark version release.

Keywords; Benchmark recommendation number

Content by Label

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
cqllabel = "sbp_fer"

Copyright © 2020

Center for Internet Security®

Privacy Policy

Page Properties
hiddentrue

Action

Name(s)

Date

Linked ticket

Jira Legacy
serverSystem JIRA
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-19205

Created by

Reviewed by

Approved by

Remove by