How do CIS Controls relate to the CIS Benchmarks?

Problem

Solution

The CIS Controls are a general set of recommended practices for securing a wide range of systems and devices. Each control is categorized into a total of 153 safeguards and these are then identified by implementation groups (IG1, IG2, IG3). This is the list of CIS controls -https://www.cisecurity.org/controls/cis-controls-list/ . Here is our CIS Controls FAQ page - https://www.cisecurity.org/controls/cis-controls-faq/#:~:text=the%20CIS%20Controls.-,What%20is%20the%20relationship%20between%20the%20CIS%20Controls%20and%20the,software%20applications%2C%20and%20network%20devices.

Benchmarks are guidelines for hardening specific operating systems, middleware, software applications, and network devices.  Each recommendation in a Benchmark is linked to a CIS Control.

Example: Windows 10 Enterprise Release 21H1

Benchmark recommendation 1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' (Automated). This refers to Version 8 Control 5.6: Centralize Account Management through a directory or identity service. This is a subcategory of the main control 5 to protect sensitive data through controlled use of the user accounts and authentication systems- IG2, IG3. 

Use the audit procedure in the Benchmark to gather evidence that you are compliant with the Benchmarks recommendation and then upload that evidence to CSAT to prove you are compliant with the CSAT Control. You prove you are compliant with CSAT Control 5.6 by implementing the CIS Windows 10 Enterprise Release 21H1 Benchmark recommendation 1.1.1.

Keywords; Controls Benchmark

Content by Label