How do CIS Controls relate to the CIS Benchmarks?
Product Name: CIS Benchmarks
Product Version: All
Date: Jan 13, 2022
Problem
How do CIS Controls relate to the CIS Benchmarks?
Solution
The CIS Controls are a general set of recommended practices for securing a wide range of systems and devices. The controls are broken down into a total of 153 safeguards, which are then identified by implementation group (IG1, IG2, IG3). The list of CIS Controls is on the page The 18 CIS Controls, and our CIS Controls FAQ page is CIS Critical Security Controls FAQ.
Benchmarks are guidelines for hardening specific operating systems, middleware, software applications, and network devices. Each recommendation in a Benchmark is linked to a CIS Control.
Example: Windows 10 Enterprise Release 21H1
Benchmark recommendation 1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' (Automated). This refers to Version 8 Control 5.6: Centralize Account Management through a directory or identity service. Control 5.6 is a subcategory of the main Control 5, which is meant to protect sensitive data through controlled use of user accounts and authentication systems (IG2, IG3).
Use the audit procedure in the Benchmark to gather evidence that you are compliant with the Benchmark's recommendation, then upload that evidence to CSAT to prove you are compliant with the CSAT Control. In this example, you prove you are compliant with CSAT Control 5.6 by implementing the CIS Windows 10 Enterprise Release 21H1 Benchmark recommendation 1.1.1.
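One way to turn the recommendation 1.1.1 check into an evidence record, as an added example that is not part of the original article and is not the Benchmark's own audit procedure. It assumes the policy is read from a `secedit /export` file; the function name `Test-PasswordHistory` and the evidence field names are hypothetical and do not represent a CSAT upload format.

```powershell
# Added example: field names in the evidence record are hypothetical, not a CSAT format.
function Test-PasswordHistory {
    param(
        [Parameter(Mandatory)][string[]]$InfLines,   # lines of a secedit /export file
        [int]$Minimum = 24                           # threshold from recommendation 1.1.1
    )
    # Password policy lives in the [System Access] section as "PasswordHistorySize = N".
    $section = ''
    $value = $null
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq 'System Access' -and $t -match '^PasswordHistorySize\s*=\s*(\d+)$') {
            $value = [int]$Matches[1]
        }
    }
    [pscustomobject]@{
        Benchmark      = 'CIS Windows 10 Enterprise Release 21H1'
        Recommendation = '1.1.1'
        Control        = '5.6'            # CIS Controls v8 mapping stated on this page
        Setting        = 'PasswordHistorySize'
        Observed       = $value           # $null when the setting is absent from the export
        Required       = ">= $Minimum"
        Compliant      = ($null -ne $value -and $value -ge $Minimum)
        Collected      = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# Constructed sample of a secedit export (not taken from a real host).
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 365
PasswordHistorySize = 12
[Event Audit]
AuditSystemEvents = 0
'@ -split "`r?`n"

Test-PasswordHistory -InfLines $sample | ConvertTo-Json

# On a real host (elevated prompt), export the local policy and test it:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY | Out-Null
#   Test-PasswordHistory -InfLines (Get-Content "$env:TEMP\secpol.inf") | ConvertTo-Json
```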
Keywords: Controls Benchmark