CIS Certfications¶
About CIS¶
CIS is an independent, nonprofit organization with a mission to create confidence in the connected world.
What are the CIS Benchmarks¶
CIS Benchmarks are best practices for the secure configuration of a target system. Available for more than 100 CIS Benchmarks across 25+ vendor product families, CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts around the world. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
KICS Awarded Certifications¶
KICS (from the version 1.4.4 to the latest) has been awarded the following certifications: - CIS Amazon Web Services Foundations Benchmark v1.4.0, Level 1 - CIS Amazon Web Services Foundations Benchmark v1.4.0, Level 2
What are the Level 1, Level 2 certifications?¶
Most CIS Benchmarks include multiple configuration profiles. A profile definition describes the configurations assigned to benchmark recommendations.
The Level 1 profile is considered a base recommendation that can be implemented fairly promptly and is designed to not have an extensive performance impact. The intent of the Level 1 profile benchmark is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.
The Level 2 profile is considered to be "defense in depth" and is intended for environments where security is paramount. The recommendations associated with the Level 2 profile can have an adverse effect on your organization if not implemented appropriately or without due care.
Additional Info¶
- https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/
- https://www.cisecurity.org/partner/checkmarx/