How to meet STIG compliance and achieve OS security with CIS – Guide
Organizations that must comply with regulatory frameworks are aware of the challenges involved. Ensuring compliance costs staff time and can be expensive. Public sector organizations, along with their contractors and consultants, also understand the importance of complying with the Defense Information Systems Agency's Security Technical Implementation Guides (DISA STIGs). These configuration standards apply to DoD Information Assurance (IA) and IA-enabled devices/systems. The Center for Internet Security (CIS) builds CIS Benchmarks and CIS Hardened Images that are mapped to these guides to help you comply with DISA STIG more easily.
CIS Benchmarks and Hardened Images for OS Security
CIS maintains more than 100 secure configuration guidelines across more than 25 product families. This normative guidance is developed by a community of cybersecurity professionals. In fact, CIS manages a community that develops the only consensus-based cybersecurity guidelines created and accepted by industry, government, academia, and business. One of the largest areas covered by the CIS Benchmarks is operating systems.
Operating system security and DISA STIG compliance with CIS
Regulatory frameworks and their governing bodies, such as PCI DSS, HIPAA, DoD Cloud Computing SRG and DISA STIG, recognize the CIS Benchmarks as an acceptable standard to help meet compliance. In addition, CIS Hardened Images already have these standards applied to VM images, saving time and resources. More specifically, guidance from the DoD Cloud Computing SRG shows that the CIS Benchmarks are an acceptable alternative to the STIGs. DoD Cloud Computing SRG, Version 1, Release 3 states: “Impact Level 2: The use of STIGs and SRGs by CSPs is desirable, but industry standard baselines, such as those provided by the Center for Internet Security (CIS) benchmarks, are accepted as an alternative to the STIGs and SRGs.”
Although DoD specifically refers to the CIS Benchmarks, many organizations still need to use the STIGs for DoD IA and IA-enabled devices/systems. CIS therefore provides CIS Benchmarks that map directly to the STIG standard for operating system security. CIS also creates CIS Hardened Images that conform to the CIS STIG Benchmark standard, so these virtual machine images provide OS security that helps meet STIG compliance in the public cloud.
New: CIS STIG Compliance Features Update
If you are familiar with the CIS STIG resources, you will notice structural updates to the profiles. Previously, the CIS STIG Benchmarks included a Level 3 profile containing the recommendations needed for STIG compliance that were not covered by Levels 1 and 2. The new STIG profile now replaces the Level 3 profile. This new STIG profile makes it easier for users to identify all STIG-specific recommendations. Recommendations that overlap with other profiles (Level 1, Level 2 and Next Generation) also appear in the STIG profile. If a recommendation from the STIG profile conflicts with a recommendation from the CIS Benchmark, this is indicated in the description of the recommendation. To make STIG compliance even easier, a breakdown of this information is provided in the Additional Information section of the CIS STIG Benchmark.
What’s to come for CIS STIG compliance
Currently, CIS offers four CIS STIG Benchmarks and four CIS STIG Hardened Images across the AWS, Azure, GCP and Oracle Cloud marketplaces. CIS STIG Hardened Images provide hardened operating system security in the public cloud, giving you access to a VM preconfigured for STIG compliance. CIS is proud to provide users with numerous features to support operating system security and meet STIG compliance.