Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CIS Audit Summary

by Stephanie Dunn
March 30, 2017

When dealing with compliance regulations, each organization can face a variety of potential risks. Without having a full understanding of an organization’s risk exposure, critical systems and data will be at risk for attacks or data leakage. The Center for Internet Security (CIS) developed a series of best practice benchmarks for a variety of applications, operating systems, servers, and databases used within organizations today. Each benchmark contains recommended security settings designed to harden systems and applications from attack while maintaining overall system functionality. The components in this dashboard present a summary of results gathered from CIS compliance scans using the CIS Benchmarks.

Tenable has been certified by CIS to perform a wide variety of platform and application audits based on the best practice consensus benchmarks developed by CIS. Tenable submits example test cases for all of the criteria within each unique benchmark, and then submits our results to CIS personnel for official certification. Tenable has developed audit files based on the CIS Benchmarks tested on systems, and has been approved and certified by CIS staff members.

When performing managed scans with Tenable.sc, some CIS audits require additional patch audits and vulnerability checks. Any additional requirements for completing an audit using the CIS Benchmarks will be included within the audit file description text. In some cases, multiple scans may be required, as Tenable provides both Level 1 and Level 2 audit checks. Level 1 checks provide minimum settings recommendations, and are generally considered safe to apply to most systems. Level 2 checks include recommendations for complex or highly secure environments, and can lead to reduced functionality of systems within the network.

Information presented within this dashboard includes a summary of CIS audit checks currently supported by Tenable. Results will highlight one of three severity levels that will provide valuable information analysts can use to harden systems within the enterprise. The informational severity level is considered “Passed”, indicating that the configuration setting matches the expected result of the audit check. Results assigned a medium severity must be evaluated by an analyst to determine whether the results are accurate or not. When an audit check fails, the severity is set to high, indicating that the collected result and the expected result do not match. Each failure should be reviewed, fixed, and re-scanned to ensure that the system has been secured properly. Using these benchmarks will help to assess the effectiveness of existing security controls on systems, and provide the critical context needed to strengthen an organization's security posture.

If needed, audit files can be modified to an organization’s specific requirements. Additional information on how to edit audit files can be found within the “Nessus Compliance Checks” document in the Support Portal.

The dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The dashboard requirements are:

  • Tenable.sc 5.2.0
  • Nessus 8.6.0
  • CIS Audit Files
  • Compliance Data

In order to maintain the overall security of systems and data within the enterprise, organizations must have an effective and repeatable way to measure compliance results. Tenable Tenable.sc helps organizations obtain results using the CIS Benchmarks by measuring compliance in real time, providing an accurate assessment of an organization’s security posture. By prioritizing remediation actions of misconfigured systems, the organization can maximize their investment in compliance reporting and system hardening efforts. With more supported technologies than any other vendor, Tenable assists organizations in obtaining the most comprehensive view of the network and the intelligence needed to assess and protect systems using CIS compliance standards.

The following components are included within this dashboard:

  • CIS - Amazon Benchmarks: This matrix component presents a summary of audit checks performed on systems running Amazon Linux.
  • CIS - Apache and NGINX Benchmarks: This matrix component presents a summary of audit checks performed on systems running Apache HTTP Servers, Apache Tomcat, and NGINX.
  • CIS - Apple Benchmarks: This matrix component presents a summary of audit checks performed on systems running Apple macOS.
  • CIS - CentOS Linux Benchmarks: This matrix component presents a summary of audit checks performed on systems running CentOS Linux.
  • CIS - Debian Linux and BIND Benchmarks: This matrix component presents a summary of audit checks performed on systems running Debian Linux, BIND DNS Server, and other distributions of Linux on x86 and x64 platforms.
  • CIS - Desktop Applications Benchmarks: This matrix component presents a summary of audit checks performed on systems running Microsoft Internet Explorer, Microsoft Office 2007, Microsoft Outlook 2010, Mozilla Firefox, and Google Chrome.
  • CIS - Docker Benchmarks: This matrix component presents a summary of audit checks performed on systems running Docker containers.
  • CIS - HP-UX FreeBSD and Solaris Benchmarks: This matrix component presents a summary of audit checks performed on systems running HP-UX, FreeBSD, and Solaris operating systems.
  • CIS - IBM Benchmarks: This matrix component presents a summary of audit checks performed on systems running IBM AIX and IBM DB2.
  • CIS - Kubernetes Benchmarks: This matrix component presents a summary of audit checks performed on systems running Kubernetes.
  • CIS - Microsoft Application Server Benchmarks: This matrix component presents a summary of audit checks performed on systems running Microsoft Internet Information Server (IIS) versions 5 through 10; Microsoft Exchange Server 2007, 2013, 2016; SharePoint 2016, Microsoft SQL Server 2008 R2 and 2016.
  • CIS - Microsoft Servers Benchmarks: This matrix component presents a summary of audit checks performed on systems running Microsoft Windows Server 2012 and 2016.
  • CIS - Microsoft Servers (EOS) Benchmarks: This matrix component presents a summary of audit checks performed on systems running Microsoft servers that are on End of Support (EOS).
  • CIS - Microsoft Workstations Benchmarks: This matrix component presents a summary of audit checks performed on systems running Microsoft Workstation operating systems.
  • CIS - MySQL Benchmarks: This matrix component presents a summary of audit checks performed on systems running MySQL server.
  • CIS - Network Device Benchmarks: This matrix component presents a summary of audit checks performed against Cisco IOS on Cisco routing, switching, and firewall appliances; Palo Alto Firewall; and Juniper Routers running JUNOS.
  • CIS - Oracle DB Benchmarks: This matrix component presents a summary of audit checks performed on systems running Oracle Database Servers.
  • CIS - Oracle Linux OS Benchmarks: This matrix component presents a summary of audit checks performed on systems running Oracle Database Servers and Oracle Linux 6.
  • CIS - Oracle Windows Benchmarks: This matrix component presents a summary of audit checks performed on systems running Oracle Database Servers and Windows.
  • CIS - Red Hat Enterprise Linux Benchmarks: This matrix component presents a summary of audit checks performed on systems running Red Hat Enterprise Linux Servers.
  • CIS - Relational Database Systems Benchmarks: This matrix component presents a summary of audit checks performed on systems running MongoDB, PostgreSQL, and Sybase.
  • CIS - SUSE and Ubuntu Linux Benchmarks: This matrix component presents a summary of audit checks performed on systems running SUSE Linux Enterprise Servers and Ubuntu LTS Servers.
  • CIS - VMWare ESXi Benchmarks: This matrix component presents a summary of audit checks performed on systems running VMWare ESXi.
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.