A Level 1 profile is intended to be a practical and prudent way to secure a system without too much performance impact.
The Ubuntu CIS benchmarks are organised into different profiles, namely ‘Level 1’ and ‘Level 2’ intended for server and workstation environments. Hardening and auditing done rightĬanonical has actively worked with the CIS to draft operating system benchmarks for Ubuntu 16.04 LTS, 18.04 LTS and 20.04 LTS releases. CIS benchmarks are often a system hardening choice recommended by auditors for industries requiring PCI-DSS and HIPPA compliance, such as banking, telecommunications and healthcare. For some industries, hardening a system against a publicly known standard is a criteria auditors look for. They are also used to secure on-premises deployments. CIS benchmark recommendations are adopted in virtual machines in public and private clouds. Applying CIS benchmarksĬIS benchmarks locks down your systems by removing non-secure programs, disabling unused filesystems, disabling unnecessary ports or services, auditing privileged operations and restricting administrative privileges. The SCAP content for audit tooling that scans the system for compliance is CIS certified. The compliance tooling has two objectives: it lets our customers harden their Ubuntu systems effortlessly and then quickly audit those systems against the published CIS Ubuntu benchmarks. To drastically improve this process for enterprises, Canonical has made CIS automation tooling available to its Ubuntu Advantage for Infrastructure customers. For large deployments and clouds that may not be practically viable.
The CIS benchmark has hundreds of configuration recommendations, so hardening a system manually can be very tedious. It is one of the most recognised industry standards that provides comprehensive secure configuration and configuration hardening checklists in a computing environment. The Center for Internet Security (CIS) is a nonprofit organisation that uses a community-driven process to release benchmarks to safeguard enterprises against cyber attacks.
0 kommentar(er)
