Our Cloud Servers are not domain joined, can we still use the CIS Build KitsĀ®?
Product Name
CIS Build KitsĀ®
Product Version
All versions
Date
Sep 12, 2022
Ā
Problem
Our Cloud Servers are not domain joined and the CIS Build KitsĀ® cannot be pushed via GPO, can we still use the Build Kits?
Solution
CIS Windows Build Kits:
Our CIS Windowās Build KitsĀ® are GPOs. The README.doc included in the CIS Windows Build KitsĀ® states āInside each Build Kit you will find folders containing broken out GPO settingsā¦ The Benchmarks are designed to support domain-joined enterprise systems; as such you will be importing the GPOs contained in the Build Kit into your group policy of your domain controllerā¦ Once imported, edit the GPOs accordingly before applying to any system. Once the GPOs are tailored to the organizationās needs and properly tested, begin rollout to a small group of systems.ā
As of August 2022 CIS now offers the āMicrosoft Windows 10 Stand-alone Benchmark v1.0.1ā and associated Build Kit.
Adjustments/tailoring to the benchmark recommendations can be done a number of ways including Local Group Policy Editor, Group Policy Management Console on Windows Server (GPMC), and Microsoft's Local Group Policy Object tool (LGPO).
Ā
CIS Linux Build Kits:
The Build Kits for UNIX and LINUX environments are basic shell scripts that can be run from the machine or through another organizationally-approved tool.
Ā
PLEASE NOTE, reviewing the content within the corresponding Benchmark PDF is imperative for an overall successful application of the Build Kit, as there may be some settings that your organization needs to exempt itself from due to unique operational requirements.
Applying the Build Kit to a system without proper testing and review may result in a negative impact within your environment. In some cases, less than 100% of the CIS Benchmark will be applied; it is the responsibility and decision of each organization to determine which settings are applicable to their unique needs.
Ā
Ā
Ā