
CIS Benchmarks

CIS Benchmarks are published by the Center for Internet Security (CIS).

CIS Benchmarks are well-defined, consensus-based best practices to securely configure operating systems, network devices, applications, and cloud services.
They help organizations reduce vulnerabilities, improve security posture, and maintain compliance with frameworks like ISO 27001, NIST, and SOC 2.

🧩 Example:

Let’s say you’re managing Linux servers or network switches:

  • The CIS Benchmark for Ubuntu Linux recommends disabling root SSH login, enforcing password complexity, and setting audit rules.

  • The CIS Benchmark for network devices (Dell, or Cisco IOS) might suggest disabling unused services (like CDP/LLDP), applying secure SNMP configurations, or using SSH instead of Telnet.
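As an added illustration (not code from the original post or from CIS), here is a small shell audit of the first Ubuntu recommendation, disabling root SSH login: it reads the effective `PermitRootLogin` value the way sshd does and reports PASS or FAIL. The helper names and the sample sshd_config are constructed for this example.

```shell
#!/bin/sh
# CIS-style audit of sshd_config for "disable root SSH login" (constructed example).
# sshd honours the FIRST uncommented occurrence of a keyword, and anything after a
# Match line only applies conditionally, so the reader stops at the first Match.
# Assumes the "Keyword value" form; the "Keyword=value" form is not handled here.
sshd_effective_value() {
  # $1 = sshd_config path, $2 = keyword (matched case-insensitively)
  awk -v key="$2" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blank lines
    tolower($1) == "match"          { exit }        # leave the global section
    tolower($1) == tolower(key)     { print $2; exit }
  ' "$1"
}

# Prints PASS/FAIL for one keyword and returns 0/1 so a CI job can fail on it.
cis_check_keyword() {
  file=$1; key=$2; expected=$3
  actual=$(sshd_effective_value "$file" "$key")
  if [ "$actual" = "$expected" ]; then
    printf 'PASS %s = %s\n' "$key" "$actual"
    return 0
  fi
  printf 'FAIL %s = %s (expected %s)\n' "$key" "${actual:-<unset>}" "$expected"
  return 1
}

# Constructed sample: an admin appended "PermitRootLogin no" at the end, but the
# earlier "yes" is what sshd uses, which is exactly the mistake the check catches.
write_sample_sshd_config() {
  cat > "$1" <<'EOF'
# sshd_config (constructed sample, not from a real host)
Port 22
#PermitRootLogin no
PermitRootLogin yes
MaxAuthTries 4
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
}

# Stand-alone demo: audit the sample file and report.
tmp=$(mktemp)
write_sample_sshd_config "$tmp"
cis_check_keyword "$tmp" PermitRootLogin no || echo "sample config is NOT compliant"
rm -f "$tmp"
```

To audit a real host, call `cis_check_keyword /etc/ssh/sshd_config PermitRootLogin no` and use its return code; `sshd -T` shows the fully resolved configuration if you want to cross-check the parser.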

💼 Why It’s Important for SRE / Network / DevOps Roles:

  • Ensures secure baseline configurations for servers, containers, and network devices.

  • Helps meet security & compliance audit requirements.

  • Enables proactive vulnerability management by hardening systems before deployment.


🛠️ Real-world Example:

Scenario:
You’re deploying EC2 instances on AWS for production workloads.
Before going live, you use the CIS AWS Foundations Benchmark to:

  • Ensure CloudTrail is enabled across all regions.

  • Restrict root account usage.

  • Enforce MFA for console logins.

  • Encrypt S3 buckets with KMS.

These checks align your cloud setup with CIS security standards.

Benchmark Levels

Each CIS Benchmark provides two main security levels:

  • Level 1: Basic, essential settings that have minimal impact on functionality and are widely applicable.

    • Typical use: everyday enterprise systems needing baseline protection.

  • Level 2: Advanced, stringent recommendations for highly sensitive environments, which may reduce system functionality but offer stronger security.

    • Typical use: highly secure or regulated environments (banks, defense, healthcare).

  • A third profile, STIG, may appear for benchmarks aligned to the guidelines of the US Defense Information Systems Agency (DISA).

    • STIG stands for Security Technical Implementation Guide.

    • STIGs define how to configure systems securely so they meet strict military-grade security requirements.

✅ Key Takeaways:

  • CIS Benchmarks = standardized hardening guides.

  • Applied across operating systems, databases, cloud services, and network devices.

  • Used in security automation tools like Ansible, Chef, Terraform, and CIS-CAT for compliance checks.

  • Enhances incident prevention and reduces attack surface.