[mdlug] Cool benchmark website from mdlug meeting

Mat Enders mat.enders at gmail.com
Sat Feb 2 09:00:57 EST 2013


They're just going to tell you how to lock it down


On Sat, Feb 2, 2013 at 8:59 AM, Carl T. Miller <carl at carltm.com> wrote:

> Thanks, Mat.  That sounds like a winner.  I want to see
> what they have to say about Red Hat.
>
> c
>
>
>
> On 02/02/2013 08:57 AM, Mat Enders wrote:
>
>> Let click one page deep on their site for you and copy out the relevant
>> statement.
>>
>>
>> The CIS Benchmarks are the *only* consensus-based, best-practice security
>>
>> configuration guides both developed and accepted by government, business,
>> industry, and academia.
>>
>> The Benchmarks are:
>>
>>     - Recommended technical control rules/values for hardening operating
>>
>>     systems, middleware and software applications, and network devices;
>>     - Unique, because the recommendations are defined via consensus among
>>
>>     hundreds of security professionals worldwide;
>>     - Downloaded several hundred thousand times per year;
>>     - Distributed free of charge by CIS in .PDF format (many benchmarks
>> are
>>
>>     also available to CIS Security Benchmarks Members
>> inXCCDF<http://scap.nist.gov/**specifications/xccdf/<http://scap.nist.gov/specifications/xccdf/>
>> >,
>>
>>     a machine-readable XML format for use with benchmark assessment
>> tools<http://benchmarks.**cisecurity.org/downloads/**audit-tools/<http://benchmarks.cisecurity.org/downloads/audit-tools/>>
>>  and
>>     Members' custom scripts);
>>     - Used by thousands of enterprises as the basis for security
>>
>>     configuration policies and the de facto standard for IT configuration
>> best
>>     practices.
>>
>>
>>
>> On Sat, Feb 2, 2013 at 8:52 AM, Carl T. Miller<carl at carltm.com>  wrote:
>>
>>  On 01/12/2013 02:21 PM, Tony Bemus wrote:
>>>
>>>  David Wood talked about this website during the meeting and it looked
>>>> realy cool and useful for business:
>>>>
>>>> http://benchmarks.cisecurity.****org/<http://benchmarks.**
>>>> cisecurity.org/ <http://benchmarks.cisecurity.org/>>
>>>>
>>>>
>>>>  Just catching up on email for the last month.
>>>
>>> I took a quick look at this site and wondered what it's all about.
>>>
>>> When I think of benchmarks, I think of specs that tell how something
>>> is performing.  But if this is about security, I would expect it
>>> would have best practices for securing servers.  Is that what they
>>> mean by a benchmark?
>>>
>>> I'd like a better description of what they provide before I sign up
>>> for an account.  So...what exactly do they provide?
>>>
>>> c
>>> ______________________________****_________________
>>> mdlug mailing list
>>> mdlug at mdlug.org
>>> http://mdlug.org/mailman/****listinfo/mdlug<http://mdlug.org/mailman/**listinfo/mdlug>
>>> <http://mdlug.**org/mailman/listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>>> >
>>>
>>>
>>
>>
>>
> ______________________________**_________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/**listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>



-- 
Mathew E. Enders

"Where once Samba and Apache sold Linux to the world they are now just part
of the plumbing.  But that's OK, plumbers make good money."
--Jeremy Allison


More information about the mdlug mailing list