The Center for Internet Security (CIS) is a community of organizations and individuals seeking actionable security resources. As a member of this community, the UC Berkeley campus has access to Consensus Security Configuration Benchmarks, Scoring Tools, Consensus Security Metric definitions, and discussion forums where we can collaborate on security best practices.
To get started using tools and resources from CIS, follow these steps:
- Visit http://benchmarks.cisecurity.org/ to learn more about available tools and resources.
- Create an account at http://benchmarks.cisecurity.org/register. Register with your “@berkeley.edu” email address to confirm that you are a member of the UC Berkeley campus community. Respond to the confirmation email and wait for the moderator to activate your membership.
- Log in to https://community.cisecurity.org/ to download and review CIS benchmarks for your platforms. Benchmarks are available as PDF reference worksheets for system hardening.
- Download the CIS-CAT Benchmark Assessment Tool (available on the member website) and run it against a representative hardened system. This cross-platform Java app examines your system and produces a report comparing your settings to the published benchmarks.
- Develop and test system hardening practices based on the benchmarks and results from the CIS-CAT Scoring Tool. You can use additional CIS tools available to members, such as Windows GPOs, to assist with system hardening. In some cases you may need to deviate from the benchmarks in order to support campus applications and services. When necessary, document the reason for the change.
- Participate in the CIS member forums to provide feedback, make suggestions, and discuss the CIS tools with other members.
Below are shortcuts to some of the most useful and common CIS benchmarks:
- CIS Security Benchmarks for Windows
- CIS Security Benchmarks for OS X
- CIS Security Benchmarks for UNIX
- CIS Security Benchmarks for Linux
- CIS Security Benchmarks for iOS
- CIS Security Benchmarks for Android
- CIS Security Benchmarks for Databases
- CIS Security Benchmarks for Web Servers
CIS maintains documentation and a short instruction video on using the CIS-CAT Benchmark Assessment Tool, so if you have difficulty with the tool, review these documents first. For other questions, use the CIS member forums or contact firstname.lastname@example.org for help using the CIS benchmarks for system hardening.