Developed by a global community of cybersecurity professionals, CIS benchmarks are best practices for securely configuring IT systems, software, networks and cloud infrastructure.
CIS benchmarks are published by the Center for Internet Security (CIS). At the time of this writing, there are more than 140 CIS benchmarks in total, spanning seven core technology categories. CIS benchmarks are developed through a unique consensus-based process involving communities of cybersecurity professionals and subject matter experts around the world. These experts continuously identify, refine and validate security best practices within their areas of focus.
CIS is a nonprofit organization established in October 2000. CIS is driven by a global IT community with the common goal of identifying, developing, validating, promoting and sustaining best practice solutions for cyberdefense. Over the years, CIS has produced and distributed several free tools and solutions for enterprises of all sizes, designed to strengthen their cybersecurity readiness.
CIS is most commonly known for its release of CIS Controls, a comprehensive guide of 20 safeguards and countermeasures for effective cyberdefense. CIS Controls provide a prioritized checklist that organizations can implement to reduce their cyberattack surface significantly. CIS benchmarks reference these controls when building recommendations for better-secured system configurations.
Each CIS benchmark includes multiple configuration recommendations based on one of two profile levels. Level 1 benchmark profiles cover base-level configurations that are easier to implement and have minimal impact on business functionality. Level 2 benchmark profiles are intended for high-security environments and require more coordination and planning to implement with minimal business disruption.
There are seven (7) core categories of CIS benchmarks:
CIS also offers pre-configured Hardened Images that enable enterprises to perform computing operations cost-effectively without needing to invest in additional hardware or software. Hardened Images are much more secure than standard virtual images, and they significantly limit the security vulnerabilities that can lead to a cyberattack.
CIS Hardened Images are designed and configured in compliance with CIS benchmarks and Controls and are recognized to be fully compliant with various regulatory compliance organizations. CIS Hardened Images are available for use in nearly all major cloud computing platforms and are easy to deploy and manage.
CIS benchmarks align closely with, or "map to," security and data privacy regulatory frameworks including the NIST (National Institute of Standards and Technology) Cybersecurity Framework, PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and ISO/IEC 2700. As a result, any organization operating in an industry governed by these types of regulations can make significant progress toward compliance by adhering to CIS benchmarks. In addition, CIS Controls and CIS Hardened Images can help support an organization's compliance with GDPR (the EU's General Data Protection Regulation).
While enterprises are always free to make their own choices around security configurations, CIS benchmarks offer: