CIS Benchmark Scanning
Utilize CIS Benchmark Scanning to verify your compliance with industry standard security best practices.
What is CIS Benchmark Scanning?
According to CIS Security, CIS Benchmarks are best practices for the secure configuration of a target system.
We support the following CIS Benchmarks:
Windows 7 |
Windows Server 2008 Domain Controller |
Oracle Enterprise Linux 7 Server Level 1 |
Windows 7 with BitLocker |
Windows Server 2008 Member Server |
Oracle Enterprise Linux 7 Server Level 2 |
Windows 8.1 |
Windows Server 2008 R2 Domain Controller |
Oracle Enterprise Linux 7 Workstation Level 1 |
Windows 8.1 with BitLocker |
Windows Server 2008 R2 Member Server |
Oracle Enterprise Linux 7 Workstation Level 2 |
Windows 10 |
Windows Server 2012 Domain Controller |
|
Windows 10 with BitLocker |
Windows Server 2012 Member Server |
|
Windows 10 Enterprise v1511 |
Windows Server 2016 Domain Controller Level 1 |
|
Windows 10 Enterprise v1511 with BitLocker |
Windows Server 2016 Domain Controller Level 2 |
|
Windows 10 Enterprise v1703 |
Windows Server 2016 Member Server Level 1 |
|
Windows 10 Enterprise v1703 with BitLocker |
Windows Server 2016 Member Server Level 2 |
|
Windows 10 Enterprise v1709 |
CIS Windows Server 2019 Domain Controller |
|
Windows 10 Enterprise v1803 with BitLocker and NextGen |
CIS Windows Server 2019 Member Server |
|
Windows 10 Enterprise v1809 with BitLocker and NextGen |
|
|
Windows 10 Enterprise v1903 |
|
|
Windows 10 Enterprise v1909 |
|
|
Windows 11 Enterprise |
|
|
Windows 11 Enterprise with BitLocker |
|
|
Windows 11 Enterprise with BitLocker and NextGen |
|
|
You can run a scan against multiple types of hosts, such as a mix of various Windows clients and servers. However, for reporting, you can only report on one benchmark at a time. For example, only Windows 7 hosts.
Create a CIS Scan
There are a couple of ways to access and use CIS Benchmark Scans. If auto-enabled credentials are being used for the CIS Benchmark scanning, the default ‘CIS Benchmark Scan’ profile can be used.
- Create a new scan policy or copy an already existing one. For more information on creating and running scans, read: Create and Run Scans.
- From the navigation menu, select Scans > Scan Policies.
- Look for CIS Benchmark Scan. Select the Copy & edit button, found on the right-hand side.
- A new window opens. Rename the Scan Policy to something unique.
- Choose Credentials from the top tab.
- Toggle Compliance Scanning to ON.
- Under Select Credentials choose the credentials to be added.
- If needed, add credentials by choosing + Add Credential.
- Continue to fill the other fields as needed.
- Click Save, or Add Another if required.
Run a CIS Scan
- From the top toolbar select + New.
- Select Scan.
The Create New Scan window opens.
- Under Policy Options select Scan Policy.
- From the drop-down choose the previously named CIS Compliance scan.
- Complete the rest of the settings as needed.
- Select Create and run.
The new Scan will be added to the Upcoming Scheduled Scans list. From this screen you can edit or delete the Scan.