CIS Benchmarks are complementary standards that provide guidance on secure configuration settings for various software, systems, and platforms.  The CIS benchmarks are publicly available, and come in two different levels, 1 and 2. Level 1 provides a basic set of security configurations for the system, whereas level 2 enhances the security posture.  Similar to the Department of Defense Security Technical Implementation Guides (STIG). However, the CIS Benchmarks do not describe the risks or provide a risk measurement to assist in determining the impact of not applying the specific configuration. 

 

Additional Detail: CIS Benchmarks aim to help organizations implement security best practices for different technologies.

Applicability: CIS Benchmarks are relevant for organizations seeking secure configuration guidance and best practices.

URL: CIS Benchmarks