Greenbone extends compliance guidelines for CIS benchmarks
Greenbone Cybersecurity, Update, Guidelines
Apache, IIS, NGINX, MongoDB, Oracle, PostgreSQL, Windows, Linux: One year after introducing them, Greenbone is bringing numerous new compliance guidelines for CIS benchmarks to its products. Companies, organisations and authorities use CIS benchmarks to check whether all software products, applications, operating systems and other components in use meet security requirements. Similar to the IT-Grundschutz-Kompendium of the German Federal Office for Information Security (BSI), the Center for Internet Security (CIS), a non-profit organisation founded in 2000, provides comprehensive best practices for IT security for governments, industry and science. As early as 2021, Greenbone developed the first compliance guidelines for CIS benchmarks. Now 18 more compliance guidelines are being added.
Benchmarks for corporate security
The CIS Benchmarks represent guidelines for companies and public authorities that serve as a benchmark for compliance with requirements. The benchmarks describe in detail configurations, conditions, audits and tests for various setups and systems. After a successful scan, IT admins receive a comprehensive report that gives a percentage figure for the compliance of the systems and also provides recommendations for further hardening measures.
Compared to the specifications of the IT-Grundschutz, CIS benchmarks often prove to be significantly more detailed, but also more extensive. Unlike the many tests in the Greenbone Enterprise Feed that look for security gaps and vulnerabilities in order to help defend against attacks, the CIS benchmarks are used to prove that a company or agency complies with applicable compliance regulations at all times.
CIS Benchmarks at Greenbone
Since 2021, Greenbone has been integrating numerous compliance guidelines for CIS benchmarks. These guidelines are compilations of tests that a Greenbone solution executes on a target system. In simple terms, a vulnerability test is developed for each individual requirement or recommendation from a CIS benchmark. Greenbone combines all tests into scan configurations and adds them to the Greenbone Enterprise Feed. As the scan configurations in this case represent guidelines, they are referred to as "compliance guidelines".
In 2022, Greenbone will significantly expand the set of CIS compliance policies included in the Greenbone Enterprise Feed. 18 more compliance guidelines for CIS benchmarks for various product families have been added. In addition to a compliance guideline for Docker containers, tests are now available for Windows 10 Enterprise, Windows 2019 Server, CentOS and distribution-independent Linux benchmarks. In addition, webmasters can now check servers such as Apache (2.2 and 2.4), NGINX, Tomcat and Microsoft IIS 10 as well as databases (MongoDB 3.2 and 3.6, Oracle Community Server 5.6 and 5.7 as well as PostgreSQL 9.6, 10, 11 and 12) against compliance guidelines for CIS benchmarks.
CIS Benchmarks: Level 1, 2 and STIG
The CIS Benchmarks are divided into several levels (Level 1, 2 and STIG) and usually include several configuration profiles to be tested. Level 1 gives basic recommendations for reducing the attack surface of a company; Level 2 addresses users with special security needs. STIG, the former Level 3, is used primarily in military or official environments. STIG stands for Security Technical Implementation Guide. The US Department of Defence maintains a website with all the details. The DISA STIGs described there (Defense Information Systems Agency Security Technical Implementation Guides) are a requirement of the US Department of Defence.
Certified by CIS
Greenbone is a member of the CIS consortium and extends its CIS benchmark scan configurations on an ongoing basis. Like all compliance guidelines developed by Greenbone on the basis of CIS benchmarks, the latest ones are also certified by CIS, which means maximum security when it comes to hardening a system according to the CIS hardening recommendations. This not only simplifies the preparation of audits: important criteria can be checked in advance with a Greenbone solution and, if necessary, any weaknesses found can be eliminated before problems arise.
Original blog by Markus Feilner | Greenbone