Friday, July 1, 2016

CIS: Center for Internet Security

CIS: Center for Internet Security - "The Center for Internet Security mobilizes a broad community of stakeholders to contribute their knowledge, experience and expertise to identify, validate, promote and sustain the adoption of cybersecurity's best practices!"

Two resources of interest:

  • Secure Configuration Guides (aka "Benchmarks")
  • "Top 20" Critical Security Controls (CSC)

Benchmarks vs. Critical Security Controls:
  • Benchmarks are technology-specific checklists that provide prescriptive guidance for secure configuration
  • CSCs are security-program-level activities:
    • Inventory your items
    • Securely configure them
    • Patch them
    • Reduce privileges
    • Train the humans
    • Monitor the access

CIS Benchmarks: 
  • 140 benchmarks available here
  • AWS CIS Foundations Benchmark here