CIS Benchmark Notes

XDR CIS Benchmark Process

Read This!

CIS Benchmarks are applied in Packer (packer/lcp/vmware/salt/cis-hardening-rhel-7). Some CIS benchmarks need to be maintained after launch to ensure compliance; these are applied by Salt. Duplicates between the two are OK because Salt has the final say.

XDR CIS Exception process:

  • Open ticket in COMP Jira ticket queue with details about CIS exception
  • Use the CIS Exception template Summary: CIS Exception for
  • Get ticket approved
  • Add exception to the GitHub Wiki here
CIS Benchmark Version

Qualys is currently set to CIS Red Hat Enterprise Linux 7 Benchmark v2.2.0 Level 1 and Level 2.

CIS Benchmark Scanner

Use this as a command-line CIS benchmark scanner. Download from here: CIS Workbench Scanner. Use your AFS email to get access. CIS-CAT Pro Assessor, v3

On cisecurity.org -> click on username -> Accenture LLP -> Licenses -> grab the license for the CIS-CAT scanner.