
Center for Internet Security Configuration Standards

by Cesar Navas
August 26, 2015

Configuration compliance programs continue to expand, increasing the need for monitoring and management. To assist in this process, the Center for Internet Security (CIS) has published several configuration benchmarks. Tenable supports a wide variety of configuration audits, including NIST, CIS and other technology audit standards. The CIS audit files cover operating systems, SQL databases, routers and much more. Tenable.sc uses the audit files written specifically for the CIS configuration guidelines to audit several aspects of the network.

The CIS guidelines have two security levels. Level 1 settings are generally considered “safe” to apply to most systems; they are not likely to cause a negative impact unless otherwise noted in the guide. Level 2 settings provide a higher level of security, but implementing them could negatively affect performance and functionality. Within each level, an audit check can have one of three results: Scorable, Not Scorable, and Reportable. Scorable means the system configuration can be determined by automated means. Not Scorable means the configuration cannot be determined automatically, so the plugin output must be reviewed manually. Reportable means the setting is not scored but should still be reported on.

This dashboard presents the data in a usable manner, both by audit configuration type and by CIS level. The Not Scorable indicators should be reviewed manually after each new scan to determine whether a vulnerability is present. If the results are acceptable, the organization can decide to accept the risk. For all Scorable settings, the organization should review its local configuration guidelines and compare those settings to the ones in the scan results. If needed, the organization can modify the audit files to align them with local policies. Should the organization not have configuration guidelines, implementing the CIS benchmarks can improve both security and operations.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessments.

The dashboard requirements are:

  • Tenable.sc 5.0.1
  • Nessus 8.5.0

Tenable.sc provides a unique combination of detection, reporting, and pattern recognition utilizing industry recognized algorithms and models. Tenable.sc supports tight integration and API extensibility with SIEMs, malware defenses, patch management tools, BYOD, firewalls, and virtualization systems. Tenable has the ability to audit more technologies than any other vendor, including operating systems, network devices, and critical infrastructure. Because Tenable has the largest installed base and best know-how, we see security and compliance issues before our competitors, and provide peace of mind to customers.

Components

CIS Configuration Standards - System Configuration Checks: This component provides indicators for CIS audits based on the device audited. The indicators search on two fields, the Cross Reference and the vulnerability text. The Cross Reference filter uses an audit file keyword search, while the plugin text filter searches for “cisecurity.org”. These indicators show analysts which types of CIS audit have been run and provide an easy method for accessing CIS audit data. An indicator turns purple when a match is discovered.

CIS Configuration Standards - Compliance by Subnet: This chart provides analysts with a subnet-level view of CIS audits. The bar chart tracks three severity levels: Informational, Medium, and High. When an audit scan finds a setting within compliance, the plugin is given an Informational severity. When a compliance check fails, the plugin is flagged as High severity. Plugins with a Medium severity are those where a manual review of the plugin output is needed to determine whether the check passed or failed. The top 10 subnets with CIS checks are represented in this chart.

CIS Configuration Standards - Level Scoring: This component provides a detailed view of the Level 1 and Level 2 audit checks and whether each check is scorable or not.

CIS Configuration Standards - Failed CIS Compliance Checks: This table provides a list of the failed CIS audit checks. The information in this table gives the analyst a high-level view of the failed audit checks related to the CIS benchmarks.
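The three components above share one piece of logic: a compliance plugin result is mapped to a severity (pass is Informational, fail is High, manual review is Medium), then grouped by subnet or by CIS level and scorability. The following Python is an added example of that triage, not Tenable.sc code; the record layout, the "(Not Scored)" title suffix and the "[Level N]" tag are assumptions for the constructed sample data.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Severity Tenable.sc gives a compliance result (per this page): pass -> Informational, fail -> High, manual review -> Medium.
SEVERITY_BY_RESULT = {"PASSED": "Informational", "FAILED": "High", "WARNING": "Medium"}

# The "[Level N]" suffix is an assumed convention of the constructed data below.
LEVEL_RE = re.compile(r"\[Level ([12])\]")

# Constructed sample results (hypothetical, not real Tenable.sc output): (host IP, CIS-style check title, audit result).
SAMPLE_RESULTS = [
    ("10.0.1.10", "Ensure mounting of cramfs is disabled (Scored) [Level 1]", "PASSED"),
    ("10.0.1.10", "Ensure core dumps are restricted (Scored) [Level 1]", "FAILED"),
    ("10.0.1.11", "Ensure SELinux is installed (Scored) [Level 2]", "FAILED"),
    ("10.0.1.11", "Ensure crypto policy is not overridden (Not Scored) [Level 2]", "WARNING"),
    ("10.0.2.20", "Ensure mounting of cramfs is disabled (Scored) [Level 1]", "PASSED"),
    ("10.0.2.20", "Ensure a firewall package is installed (Not Scored) [Level 1]", "WARNING"),
]

def severity_for(result):
    """Map a PASSED/FAILED/WARNING audit result to the dashboard severity."""
    if result.upper() not in SEVERITY_BY_RESULT:
        raise ValueError(f"unknown audit result: {result!r}")
    return SEVERITY_BY_RESULT[result.upper()]

def classify_check(title):
    """Return (level, scorable). Test for "(Not Scored)" rather than "(Scored)",
    since the latter is a substring of the former."""
    scorable = "(not scored)" not in title.lower()
    match = LEVEL_RE.search(title)
    level = int(match.group(1)) if match else 1  # unlabelled checks assumed Level 1
    return level, scorable

def compliance_by_subnet(results, prefix=24, top=10):
    """Severity counts per subnet, most checks first, at most `top` subnets (Compliance by Subnet chart)."""
    counts = defaultdict(Counter)
    for ip, _title, result in results:
        subnet = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[str(subnet)][severity_for(result)] += 1
    ranked = sorted(counts.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return ranked[:top]

def level_scoring(results):
    """Severity counts keyed by (CIS level, scorable) (the Level Scoring component)."""
    table = defaultdict(Counter)
    for _ip, title, result in results:
        table[classify_check(title)][severity_for(result)] += 1
    return dict(table)
```

The High entries in either table are the rows the Failed CIS Compliance Checks table lists; the Medium ones are the Not Scorable results that need a manual review after each scan.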
