CIS Benchmark Notes

XDR CIS Benchmark Process

Read This!

CIS benchmarks are applied in Packer (packer/lcp/vmware/salt/cis-hardening-rhel-7). Some CIS benchmarks need to be maintained after launch to ensure compliance; these are applied by Salt. Duplicates between the two are OK because Salt has the final say. Salt states in os_modifications should take precedence over CIS if it makes sense. The CIS benchmark Salt states support the os_modification Salt states; they do not replace them.

XDR CIS Exception process:

  • Open a ticket in the COMP Jira ticket queue with details about the CIS exception
  • Use the CIS Exception Template Summary: CIS Exception for
  • Get ticket approved
  • Add exception to the GitHub Wiki here

CIS Benchmark Version

Qualys is currently set to CIS Red Hat Enterprise Linux 7 Benchmark v2.2.0 Level 1 and Level 2. XDR is moving to CIS benchmark version level 2 v3.0.1, then v3.1.x.

CIS Workbench Benchmark Scanner

Use this as a command-line CIS benchmark scanner. Download from here: CIS Workbench Scanner. Use your AFS email when you request access.

CIS-CAT Pro Assessor, v4

At CIS -> Click on username -> Accenture LLP -> Licenses -> grab it for the CIS-CAT Pro Assessor. Use these directions to place the LLP license file in the CIS-CAT Pro folder - License Instructions