CIS Benchmarks are configuration guidelines developed by experts in US government, business, industry, and academia to help organizations assess and improve their security. These benchmarks, developed by the nonprofit Center for Internet Security (CIS), are consensus-based and provide a broad baseline to safeguard private and public organizations against cyber threats. CIS Benchmarks are often viewed as the global standard and are recognized best practices for securing IT systems and data against the most pervasive attacks.
CIS Benchmarks are well-defined and, due to their consensus-based approach, generally viewed as unbiased. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, operations, government, and legal. CIS Benchmarks are used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.
For organizations that operate using public cloud computing environments, meeting both CIS Benchmark requirements and the shared responsibility model of cloud computing provides a sound compliance framework. The shared responsibility model stipulates that cloud service providers are responsible for securing the underlying infrastructure that supports the cloud, while their customers are responsible for security in the cloud. Adherence to the shared responsibility model does not negate an organization’s responsibility to also embrace CIS.
For any organization that operates in a public cloud environment, adherence to both CIS and the shared responsibility model is a must. Fortunately, RedLock is here to help organizations meet both requirements.
RedLock automatically discovers cloud resources as soon as they are created, and then immediately profiles them to understand which policies to assess for CIS compliance.
Compliance and security teams can easily view, monitor and report on the CIS compliance status of all public cloud environments, quickly noting resources that pass and fail the CIS requirements.
RedLock continuously monitors cloud computing resources for violations and automatically alerts the appropriate teams for remediation.
RedLock not only enables you to report on your current CIS compliance posture, but also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods.
RedLock’s custom compliance dashboard enables organizations to create their own control panel to view and manage CIS compliance, including a summary for all your public cloud computing environments. With RedLock, you can easily and quickly see the number of resources passing and failing compliance checks.
During an audit, organizations are asked to prove compliance for a given time period. This poses significant challenges in public cloud computing environments where users are constantly making changes without a security review. RedLock enables you to report on your current compliance posture, including CIS, and also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods as well.