Center for Internet Security

Council on CyberSecurity - Critical Security Controls Report

by Cody Dumont
March 18, 2014

Council on CyberSecurity Critical Security Controls Report
This report covers many controls found in the Council on CyberSecurity 20 Critical Security Controls. As published by Council on CyberSecurity, the goal of the 20 Critical Security Controls is to protect assets, infrastructure, and information by strengthening your organization’s defensive posture through continuous automated protection and monitoring.

Compliance Summary Report

by Cody Dumont
February 27, 2014

 Compliance Summary Screen Shot
This report provides a template for reporting on 13 compliance standards. Each compliance standard is summarized with historic matrix, host summary table, and the compliance check summary table. The report is designed to provide a full report or a subset of reporting. The compliance officer or security manager can import this report using the app feed, and by selecting the specific chapters, the report can be easily customized.

CCI to NIST 800-53 Reports

by Cody Dumont
April 18, 2013

CCI to NIST 800-53 Report Summary
These dashbaords summarize NIST 800-53 chapters and controls based on Control Correlation Identifiers (CCI).

CCE to NIST 800-53 Reports

by Cody Dumont
April 18, 2013

CCE to NIST 800-53 Combined Sample
These report templates summarize NIST 800-53 chapters and controls based on Common Configuration Enumeration (CCE).

CIS SUSE Summary

by Dave Breslin
April 9, 2013

This report template provides a compliance summary for Center for Internet Security (CIS) SUSE Linux Enterprise Server (SLES) Security Configuration Benchmark audits.

The template with very few or no modifications at all can be used with all of Tenable's CIS certified SUSE audits. However, its recommended that audit results generated by configuration check files downloaded from the Tenable Customer Support Portal are kept separate in their own SecurityCenter repositories.

CIS RHEL Summary

by Dave Breslin
April 9, 2013

This report template provides a compliance summary for Center for Internet Security (CIS) Red Hat Enterprise Linux (RHEL) Security Configuration Benchmark audits.

The template with very few or no modifications at all can be used with all of Tenable's CIS certified RHEL audits. However, its recommended that audit results generated by configuration check files downloaded from the Tenable Customer Support Portal are kept separate in their own SecurityCenter repositories.

CIS Linux and Unix Summary

by Dave Breslin
April 9, 2013

This template is designed to report the overall compliance status of Tenable's certified Center for Internet Security (CIS) Linux and UNIX Configuration Benchmark audits.

The template with several minor modifications can be used with all of Tenable's CIS certified Linux and UNIX audits. When using multiple CIS audits ensure the results are separated by repositories. After importing the template ensure it's table and chart elements are modified to filter by the appropriate repository.

CIS and DISA Apache Linux Web Server Auditing

by Dave Breslin
March 20, 2012

CISConfDetails

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, Apache Web Server compliance and list issues in detail leveraging Nessus agentless audits. The sample table above was generated by one of five chapters in the template and lists fifteen CIS Apache benchmark compliance failures for a web server. To see full reports for CIS and DISA agentless audits use the download example links.

CIS and DISA SQL Server Auditing

by Dave Breslin
March 19, 2012

DISASample

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, SQL Server compliance and list issues in detail leveraging Nessus agentless audits. The sample table above was generated by one of four chapters in the template and lists seven compliance failures for a SQL Server database using checks engineered from the DISA SQL Server 2005 (SQL Server 9) Security Technical Implementation Guide, STIG. To see full reports for CIS and DISA agentless audits use the download example links.

CIS and DISA IIS Web Server Auditing

by Dave Breslin
March 16, 2012

CISIIS6Sample

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, IIS Web Server compliance and list issues in detail leveraging Nessus agentless audits. The sample table above was generated by one of five chapters in the template and lists five CIS IIS 6 benchmark compliance failures for a web server. To see full reports for CIS and DISA agentless audits use the download example links.

Pages