What is the numbering convention for CIS Benchmarks?

Owned by Nick Romanzo, created
Last updated: May 31, 2022
2 min read

Product Name

Benchmark

Product Version

All

Date/

Jan 27, 2021

 

Question

I am trying to determine if there is a standard number convention or standard that is used for benchmarks? Are numbers for each check based on the section number? Are numbers reused if a check is deprecated in future releases?

Answer

There is no standard numbering convention for Benchmarks. The section # and titles are created by the Benchmark developers. They are dependent on the system the Benchmark is for and are not the same across the board.

The recommendation numbers should be sequential. For example, if there are 15 recommendations for section 2, then those recommendations should be numbered sequentially 2.1, 2.2, 2.3…. all the way to 2.15 If there is a skip in the recommendation # there is some kind of issue somewhere and a ticket should be raised in the related WorkBench Community.

If you would like to know why sections are named a certain way, you would have to ask that specific Benchmark Developer on the WorkBench community page that belongs to that Benchmark. You can do that by joining the community on WorkBench and raising a ticket or starting a discussion.

Recommendation numbers are reused if a check is deprecated in the future.

If you would like to know why a recommendation number has changed between Benchmark versions, please see the following support article - https://cisecurity.atlassian.net/l/c/rvMoELrK

 

Here is a helpful way to think of recommendation numbers:
”It's probably best not to think of that number as an identifier, but rather as a organizational indicator.  It only has meaning within the confines of a single benchmark version release.”

Keywords - Benchmark numbering numbered # recommendation recommended

Copyright © 2020

Center for Internet Security®