[mdlug] Cool benchmark website from mdlug meeting

Carl T. Miller carl at carltm.com
Sat Feb 2 08:59:43 EST 2013 

Thanks, Mat.  That sounds like a winner.  I want to see
what they have to say about Red Hat.

c


On 02/02/2013 08:57 AM, Mat Enders wrote:
> Let click one page deep on their site for you and copy out the relevant
> statement.
>
>
> The CIS Benchmarks are the *only* consensus-based, best-practice security
> configuration guides both developed and accepted by government, business,
> industry, and academia.
>
> The Benchmarks are:
>
>     - Recommended technical control rules/values for hardening operating
>     systems, middleware and software applications, and network devices;
>     - Unique, because the recommendations are defined via consensus among
>     hundreds of security professionals worldwide;
>     - Downloaded several hundred thousand times per year;
>     - Distributed free of charge by CIS in .PDF format (many benchmarks are
>     also available to CIS Security Benchmarks Members
> inXCCDF<http://scap.nist.gov/specifications/xccdf/>,
>     a machine-readable XML format for use with benchmark assessment
> tools<http://benchmarks.cisecurity.org/downloads/audit-tools/>  and
>     Members' custom scripts);
>     - Used by thousands of enterprises as the basis for security
>     configuration policies and the de facto standard for IT configuration best
>     practices.
>
>
>
> On Sat, Feb 2, 2013 at 8:52 AM, Carl T. Miller<carl at carltm.com>  wrote:
>
>> On 01/12/2013 02:21 PM, Tony Bemus wrote:
>>
>>> David Wood talked about this website during the meeting and it looked
>>> realy cool and useful for business:
>>>
>>> http://benchmarks.cisecurity.**org/<http://benchmarks.cisecurity.org/>
>>>
>>>
>> Just catching up on email for the last month.
>>
>> I took a quick look at this site and wondered what it's all about.
>>
>> When I think of benchmarks, I think of specs that tell how something
>> is performing.  But if this is about security, I would expect it
>> would have best practices for securing servers.  Is that what they
>> mean by a benchmark?
>>
>> I'd like a better description of what they provide before I sign up
>> for an account.  So...what exactly do they provide?
>>
>> c
>> ______________________________**_________________
>> mdlug mailing list
>> mdlug at mdlug.org
>> http://mdlug.org/mailman/**listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>>
>
>
>

More information about the mdlug mailing list