# CIS Benchmark Notes

## XDR CIS Benchmark Process

Read This!

CIS Benchmarks are applied in Packer (packer/lcp/vmware/salt/cis-hardening-rhel-7). Some CIS benchmarks need to be maintained after launch to ensure compliance. These CIS benchmarks are applied by Salt. Duplicates between these two are OK because Salt has the final say. Salt states in `os_modifications` should take precedence over CIS if it makes sense. The CIS benchmark Salt states support the `os_modification` Salt states; they do not replace them.

XDR CIS Exception process:

- Open a ticket in the COMP Jira ticket queue with details about the CIS exception
  - Use the [CIS Exception Template](https://jira.xdr.accenturefederalcyber.com/browse/COMP-29)
  - Summary: CIS Exception for
- Get the ticket approved
- Add the exception to the GitHub Wiki [here](https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki/CIS-Exceptions)

## CIS Benchmark Version

Qualys is currently set to CIS Red Hat Enterprise Linux 7 Benchmark v2.2.0 Level 1 and Level 2.

XDR is moving to CIS benchmark version Level 2 v3.0.1, then v3.1.x.

## CIS Workbench Benchmark Scanner

Use this as a command-line CIS benchmark scanner. Download it from here: [CIS Workbench Scanner](https://workbench.cisecurity.org/). Use your AFS email when you request access.

`CIS-CAT Pro Assessor, v4`

At [CIS](https://cisecurity.org) -> Click on username -> Accenture LLP -> Licenses -> grab it for the CIS-CAT Pro Assessor.

Use these directions to place the LLP license file in the CIS-CAT Pro folder: [License Instructions](https://ccpa-docs.readthedocs.io/en/latest/Configuration%20Guide/#license)