CIS:
Center for Internet Security - "The Center for Internet Security mobilizes a broad community of stakeholders to contribute their knowledge, experience and expertise to identify, validate, promote and sustain the adoption of cybersecurity's best practices!"
Two resources of interest:
Center for Internet Security - "The Center for Internet Security mobilizes a broad community of stakeholders to contribute their knowledge, experience and expertise to identify, validate, promote and sustain the adoption of cybersecurity's best practices!"
Two resources of interest:
- Secure Configuration Guides (aka "Benchmarks")
- "Top 20" Critical Security Controls (CSC)
Benchmarks vs. Critical Security Controls:
- Benchmarks are technology specific checklists that provide prescriptive guidance for secure configuration
- CSCs are security program level activities:
- Inventory your items
- Securely configure them
- Patch them
- Reduce privileges
- Train the humans
- Monitor the access
CIS Benchmarks:
