CIS Benchmark Scanning
Utilize CIS Benchmark Scanning to verify your compliance with industry standard security best practices.
What is CIS Benchmark Scanning?
According to CIS Security, CIS Benchmarks are best practices for the secure configuration of a target system.
We support the following CIS Benchmarks:
Windows | Windows Server | Oracle |
---|---|---|
Windows 7 | Windows Server 2008 Domain Controller | Oracle Enterprise Linux 7 Server Level 1 |
Windows 7 with BitLocker | Windows Server 2008 Member Server | Oracle Enterprise Linux 7 Server Level 2 |
Windows 8.1 | Windows Server 2008 R2 Domain Controller | Oracle Enterprise Linux 7 Workstation Level 1 |
Windows 8.1 with BitLocker | Windows Server 2008 R2 Member Server | Oracle Enterprise Linux 7 Workstation Level 2 |
Windows 10 | Windows Server 2012 Domain Controller | |
Windows 10 with BitLocker | Windows Server 2012 Member Server | |
Windows 10 Enterprise v1511 | Windows Server 2016 Domain Controller Level 1 | |
Windows 10 Enterprise v1511 with BitLocker | Windows Server 2016 Domain Controller Level 2 | |
Windows 10 Enterprise v1703 | Windows Server 2016 Member Server Level 1 | |
Windows 10 Enterprise v1703 with BitLocker | Windows Server 2016 Member Server Level 2 | |
Windows 10 Enterprise v1709 | CIS Windows Server 2019 Domain Controller | |
Windows 10 Enterprise v1803 with BitLocker and NextGen | CIS Windows Server 2019 Member Server | |
Windows 10 Enterprise v1809 with BitLocker and NextGen | ||
Windows 10 Enterprise v1903 | ||
Windows 10 Enterprise v1909 | ||
Windows 11 Enterprise | ||
Windows 11 Enterprise with BitLocker | ||
Windows 11 Enterprise with BitLocker and NextGen |
You can run a scan against multiple types of hosts, such as a mix of various Windows clients and servers. However, for reporting, you can only report on one benchmark at a time. For example, only Windows 7 hosts.
Create a CIS Scan
There are a couple of ways to access and use CIS Benchmark Scans. If auto-enabled credentials are being used for the CIS Benchmark scanning, the default CIS Benchmark Scan profile can be used.
- Create a new scan policy or copy an already existing one. For more information on creating and running scans, see Create and Run Scans.
- From the navigation menu, select Scans > Scan Policies.
- Look for CIS Benchmark Scan, and then select the Copy & edit button. A new window opens.
- Rename the Scan Policy to something unique.
- Select Credentials from the top tab.
- Toggle Compliance Scanning to ON.
- Under Select Credentials, select the credentials you want to add.
- If needed, add credentials by selecting + Add Credential.
- Complete the rest of the fields as needed.
- Select Save, or Add Another (if necessary).
Run a CIS Scan
- From the top toolbar, select + New.
- Select Scan.The Create New Scan window opens.
- Under Policy Options, select Scan Policy.
- From the drop-down menu, select the CIS Compliance scan you renamed in step 4 of Create a CIS Scan.
- Complete the rest of the settings as needed.
- Select Create and run.
The new scan will be added to the Upcoming Scheduled Scans list. From this screen you can edit or delete the scan.