The CIS benchmark: An Accessible Way to Protect Your Devices and Workplace

Written by Jeff Pemberton

The ever-changing threats of our cyber landscape are rapidly becoming more varied and more complicated. Thankfully, CIS (Center for Internet Security) has been helping in this fight with strong recommendations for security controls since the early 2000s.

Since its founding in October 2000, CIS has continuously released new security benchmarks. These benchmarks provide a wide variety of users with the guidelines to secure their work environments. They cover cloud providers, desktop software, DevSecOps tools, mobile devices, print devices, operating systems, and server software. Every benchmark is available publicly and for free!

CIS Benchmarks Creation Overview

The CIS benchmarks are more than a list of controls: they explain the reasoning behind each control in depth and walk you through step-by-step instructions for implementing it. The Consensus Community and the CIS SecureSuite work together to provide an in-depth plan for securing different platforms with the security benchmarks. The benchmark consensus communities are open to anyone who can contribute. This provides a communal place for subject matter experts, vendors, technical writers, and CIS SecureSuite members to get together and discuss new controls for the platforms they specialize in. The entire process relies on the help of volunteers. From the initial definition of scope and first draft to listening to feedback from the community, the benchmark is created with the full consensus of the community involved. The result is a wealth of knowledge about the platform in question and vetted controls that you can be sure have been closely examined by an ever-growing community of professionals. According to CIS, the number of volunteers in their benchmark communities has reached 12,000, and they are continuously looking for more. Committing even a tiny block of time for ticket reviews or control submissions is invaluable to the effort of the group as a whole. Everyone’s participation shapes the benchmarks. If you would like to be a volunteer for CIS benchmark development, you can apply here!

Be a Part of the Community

As mentioned above, the consensus communities offer several roles. Subject Matter Experts (SMEs) are trained experts with in-depth knowledge of the platform or product the benchmark is being created for; they can lead development and submit their own recommended controls for review. Technical writers are skilled and highly detailed writers willing to proofread submissions for new benchmarks and ensure the controls are portrayed in a user-friendly way. Testers, volunteers with access to the products in question, should be able to implement and test the controls and provide feedback to the rest of the community based on their experience setting the controls. Finally, the contributor role allows volunteers to submit tickets requesting changes to existing or new benchmarks, and contributors can be a valuable resource to anyone looking for answers about the benchmarks. Together, the consensus community creates a strong team aimed at creating a valuable resource for all of us. As an added bonus, volunteers can receive CPEs (Continuing Professional Education credits) and have the chance to be recognized publicly in the documentation. CIS currently has 107 publicly available communities. If all this sounds like something you’d like to be a part of, you can find them all on the CIS Communities page after creating a free account.

A Quick Look Into Benchmarks

Getting a peek into the benchmark of your choice is very simple! You may browse and download any of the available benchmarks from the CIS Benchmark page and begin to use them to secure your business or private environment from cyber threats. The itemized lists of controls will supply you with in-depth and current instructions for each control and provide the community’s rationale for each one. Users are under no obligation to contribute or donate to CIS for this service. The mission is simply the betterment of the internet as a whole. With more secure practices, awareness, and risk mitigation, we can strengthen ourselves against the tide of ever-increasing threats and maybe even deter future attempts to gain access to our systems. Existing benchmarks range from AWS, GCP, and Azure cloud platforms to Cisco network devices or Google Chrome.

We Can Help

While the benchmarks are accessible to all, the time needed to implement them is not always as available. If you’ve taken a look at the benchmarks, it’s clear that some time needs to be set aside to review the documentation before implementation is possible. That’s where HanaByte can help! Our team of certified professionals has extensive knowledge of many services you will find benchmarks for. We can help you understand the impact of controls by providing clear explanations and highlighting the ones your company’s users will notice, allowing you to breathe easy knowing our team of experienced experts is available for insight at any point during the process.