[mdlug] Cool benchmark website from mdlug meeting

Mat Enders mat.enders at gmail.com
Sat Feb 2 08:57:31 EST 2013 

Let click one page deep on their site for you and copy out the relevant
statement.


The CIS Benchmarks are the *only* consensus-based, best-practice security
configuration guides both developed and accepted by government, business,
industry, and academia.

The Benchmarks are:

   - Recommended technical control rules/values for hardening operating
   systems, middleware and software applications, and network devices;
   - Unique, because the recommendations are defined via consensus among
   hundreds of security professionals worldwide;
   - Downloaded several hundred thousand times per year;
   - Distributed free of charge by CIS in .PDF format (many benchmarks are
   also available to CIS Security Benchmarks Members
inXCCDF<http://scap.nist.gov/specifications/xccdf/>,
   a machine-readable XML format for use with benchmark assessment
tools<http://benchmarks.cisecurity.org/downloads/audit-tools/> and
   Members' custom scripts);
   - Used by thousands of enterprises as the basis for security
   configuration policies and the de facto standard for IT configuration best
   practices.



On Sat, Feb 2, 2013 at 8:52 AM, Carl T. Miller <carl at carltm.com> wrote:

> On 01/12/2013 02:21 PM, Tony Bemus wrote:
>
>> David Wood talked about this website during the meeting and it looked
>> realy cool and useful for business:
>>
>> http://benchmarks.cisecurity.**org/ <http://benchmarks.cisecurity.org/>
>>
>>
> Just catching up on email for the last month.
>
> I took a quick look at this site and wondered what it's all about.
>
> When I think of benchmarks, I think of specs that tell how something
> is performing.  But if this is about security, I would expect it
> would have best practices for securing servers.  Is that what they
> mean by a benchmark?
>
> I'd like a better description of what they provide before I sign up
> for an account.  So...what exactly do they provide?
>
> c
> ______________________________**_________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/**listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>



-- 
Mathew E. Enders

"Where once Samba and Apache sold Linux to the world they are now just part
of the plumbing.  But that's OK, plumbers make good money."
--Jeremy Allison

More information about the mdlug mailing list