Selecting a CIS Benchmark

Selecting a CIS Benchmark

From a previously configured computer, visit: The Center for Internet Security

Obtain a version of the Center for Internet Security's Benchmark Guide appropriate for your OS. Windows installers will want to download the Windows Scoring Tool archive.

If given the option, try to use the most secure benchmark (e.g. Level 1) for your operating system.

Be sure to print the PDF files to aid in your configuration.

Using CIS Benchmarks

Following a benchmark can be time consuming -- several hours in fact. Windows installers are given a supplementary 'Implementation Guide' that quickly steps through how to select and install one of the available INF templates.

Be sure to sketch out a testing protocol (i.e. does word function as expected, can I get to PeopleSoft, does that old dBase app work, etc.)

If that benchmark is too restrictive for your needs, use the next level. Once you've found the break point you can experiment with turning on various options to crate a custom benchmark/template that allows for the greatest security in your environment with out breaking apps or overburdening your users.

The benchmarks make this task relatively straightforward as each configuration suggestion is accompanied by a helpful explanation to help the installer determine if that particular option is appropriate.