CIS BENCHMARK AUDIT

CIS (Center for Internet Security) benchmarks are a set of best practices and guidelines for securing computer systems, networks, and cloud providers. A CIS Benchmark Audit has over 100 secure configurations across the following categories:

Cloud providers (AWS, GCP, Azure, Oracle, Microsoft Office 365, Google Workspace)
Operations systems (Windows, Unix)
Server software (Web servers, Kubernetes, Databases)
Mobile devices (Apple, Android)
Network devices (Cisco, Palo Alto, Fortinet, Check Point)
Desktop software (Microsoft Office, Web browsers)

AWS

Identify misconfigured IAM policies, incorrect S3 bucket permissions, and overly permissive security group rules.

Azure

Precisely identify issues like permissive network security group rules, incorrectly configured Azure Storage access, and misconfigured Azure Active Directory policies.

GCP

Determine concerns such as overly permissive firewall rules, improper Google Cloud Storage bucket permissions, and incorrectly configured Identity and Access Management (IAM) roles in GCP.

Microsoft Office 365

Locate issues such as, but not limited to, improperly configured user permissions, lackluster email security settings, and vulnerabilities related to SharePoint and OneDrive configurations.

Google Workspace

Address concerns like improperly configured user access controls, inadequate email security settings within your organization, and vulnerabilities related to both Google Drive and shared documents.

Windows and Imox

Find misconfigured user permissions, lacking system settings that may be putting your organization at risk, and vulnerabilities associated with the OS.

iOS and Android

Pinpoint issues such as insecure app permissions, insufficient data encryption, and vulnerabilities related to mobile application configurations.

Kubernetes

Offer remediation opportunities for misconfigured pod security policies, deficient network segmentation, and vulnerabilities associated with Kubernetes cluster configurations.

A CIS Benchmark Audit is conducted as follows:

1. Preparation and Planning:

Identify the scope and the requirements to get started

2. Benchmark Assessment Compliance:

Review the specific CIS benchmark documents relevant to the audited systems and platforms
Compare the configurations and settings of the assets in the inventory to the recommended benchmarks
Identify any deviations from the benchmarks and document them

3. Vulnerability Identification:

Analyze the deviations from the CIS benchmarks to identify potential vulnerabilities and security weaknesses
Assess the severity and potential impact of each identified vulnerability.

4. Documentation and Reporting:

Create detailed reports that include findings, deviations from CIS benchmarks and the identified vulnerabilities
Provide recommendations and remediation steps for addressing the identified issues.
Include evidence and supporting documentation for each finding

5. Verification and Validation:

After remediation, verify that the identified vulnerabilities have been addressed and configurations have been brought into compliance with CIS benchmarks
Validate that the implemented changes do not introduce new security issues

Get in Touch

+1 438 282 2812

Corporate:
omihaque@canadarecruitmentnexus.com
info@canadarecruitmentnexus.com

Candidate:
canadarecruitmentnexus@gmail.com

CIS BENCHMARK AUDIT

Get in Touch

CONTACT

US

Corporate:
omihaque@canadarecruitmentnexus.com
info@canadarecruitmentnexus.com
Candidate:
canadarecruitmentnexus@gmail.com

Vancouver, Canada

CIS BENCHMARK AUDIT

Get in Touch

CONTACT

US

Corporate: omihaque@canadarecruitmentnexus.com info@canadarecruitmentnexus.com Candidate: canadarecruitmentnexus@gmail.com

Vancouver, Canada

Corporate:
omihaque@canadarecruitmentnexus.com
info@canadarecruitmentnexus.com
Candidate:
canadarecruitmentnexus@gmail.com