[mdlug] Cool benchmark website from mdlug meeting
Mat Enders
mat.enders at gmail.com
Sat Feb 2 09:00:57 EST 2013
They're just going to tell you how to lock it down
On Sat, Feb 2, 2013 at 8:59 AM, Carl T. Miller <carl at carltm.com> wrote:
> Thanks, Mat. That sounds like a winner. I want to see
> what they have to say about Red Hat.
>
> c
>
>
>
> On 02/02/2013 08:57 AM, Mat Enders wrote:
>
>> Let click one page deep on their site for you and copy out the relevant
>> statement.
>>
>>
>> The CIS Benchmarks are the *only* consensus-based, best-practice security
>>
>> configuration guides both developed and accepted by government, business,
>> industry, and academia.
>>
>> The Benchmarks are:
>>
>> - Recommended technical control rules/values for hardening operating
>>
>> systems, middleware and software applications, and network devices;
>> - Unique, because the recommendations are defined via consensus among
>>
>> hundreds of security professionals worldwide;
>> - Downloaded several hundred thousand times per year;
>> - Distributed free of charge by CIS in .PDF format (many benchmarks
>> are
>>
>> also available to CIS Security Benchmarks Members
>> inXCCDF<http://scap.nist.gov/**specifications/xccdf/<http://scap.nist.gov/specifications/xccdf/>
>> >,
>>
>> a machine-readable XML format for use with benchmark assessment
>> tools<http://benchmarks.**cisecurity.org/downloads/**audit-tools/<http://benchmarks.cisecurity.org/downloads/audit-tools/>>
>> and
>> Members' custom scripts);
>> - Used by thousands of enterprises as the basis for security
>>
>> configuration policies and the de facto standard for IT configuration
>> best
>> practices.
>>
>>
>>
>> On Sat, Feb 2, 2013 at 8:52 AM, Carl T. Miller<carl at carltm.com> wrote:
>>
>> On 01/12/2013 02:21 PM, Tony Bemus wrote:
>>>
>>> David Wood talked about this website during the meeting and it looked
>>>> realy cool and useful for business:
>>>>
>>>> http://benchmarks.cisecurity.****org/<http://benchmarks.**
>>>> cisecurity.org/ <http://benchmarks.cisecurity.org/>>
>>>>
>>>>
>>>> Just catching up on email for the last month.
>>>
>>> I took a quick look at this site and wondered what it's all about.
>>>
>>> When I think of benchmarks, I think of specs that tell how something
>>> is performing. But if this is about security, I would expect it
>>> would have best practices for securing servers. Is that what they
>>> mean by a benchmark?
>>>
>>> I'd like a better description of what they provide before I sign up
>>> for an account. So...what exactly do they provide?
>>>
>>> c
>>> ______________________________****_________________
>>> mdlug mailing list
>>> mdlug at mdlug.org
>>> http://mdlug.org/mailman/****listinfo/mdlug<http://mdlug.org/mailman/**listinfo/mdlug>
>>> <http://mdlug.**org/mailman/listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>>> >
>>>
>>>
>>
>>
>>
> ______________________________**_________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/**listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>
--
Mathew E. Enders
"Where once Samba and Apache sold Linux to the world they are now just part
of the plumbing. But that's OK, plumbers make good money."
--Jeremy Allison
More information about the mdlug
mailing list