Cisco, CIS Compliance, and BackBox

Stephanie Stouck

CIS compliance is complicated. It means meeting a baseline set of benchmarks defined by the Center for Internet Security for protecting systems like network devices or firewalls.

CIS Benchmarks align with essential industry regulations, including the NIST Cybersecurity Framework (CSF), NIST SP 800-53, ISO 27000 series, PCI DSS, HIPAA, and others. As a result, organizations prioritizing CIS compliance can simultaneously achieve compliance with other industry regulations.

BackBox can help ensure your devices meet CIS Benchmarks and don’t drift with our out-of-the-box automations for customers’ device types. In this blog, we use Cisco devices as an example to describe how we help network engineering teams automate CIS compliance. However, the same process applies to devices from Check Point, F5, Fortinet, Juniper, Palo Alto, and others.

CIS compliance in practice

Cisco and The Center for Internet Security have worked together for nearly two decades, publishing a benchmark for Cisco devices.

BackBox has pre-built automations to jump-start CIS compliance for Cisco devices. So, there’s no need to sift through the latest Cisco Benchmark, which covers about 225 pages, and implement it manually!

Just filter our library of automations on the tag ‘CIS’ to see all the out-of-the-box checks we run. These can be used to get started and, equally important, to ensure that once you’ve started, you don’t drift from your desired benchmarks.

It’s possible you’ll start with a hardened image. In any case, you have two choices:

  1. Without BackBox: Sort through about 225 pages of rules, develop a tracking spreadsheet, and check every device against the guidelines. Carefully implement each CIS recommendation one by one, across every device type, each with its own idiosyncrasies, and then update the spreadsheet. To mitigate drift, manually recheck every device regularly to validate compliance and remediate as needed.
  2. With BackBox: Select which of our pre-written CIS automations to implement based on the devices in your environment. Launch an automated procedure to run checks periodically on a schedule you set and send notifications when devices drift out of compliance. Turn on automated remediation or remediate manually if you prefer. If you want to modify an automation to suit your needs, there is no need to start from scratch. Our no-code approach to automation lets you clone an automation you want to use and modify it as required.

For network engineering teams that are drowning in tasks and tired of working nights and weekends, BackBox gives them their life back along with peace of mind that they are maintaining CIS compliance.

How else can BackBox automations help with CIS compliance?

Simplify onboarding: When onboarding a new device, you can run the relevant CIS automations against the device as it’s built to make sure it starts in a compliant way. BackBox helps with device provisioning and aligning configurations with policies.

Streamline audit and reporting: At any time, you can change the audit schedule and process as needed to ensure that devices stay compliant. In the event of a failed check, BackBox can collect information to help troubleshoot and can automatically remediate. You can also run a report on specific devices or all devices, even in multi-vendor environments, to demonstrate compliance to the governance committee and other stakeholders. Our unique and rich automation and remediation possibilities let you notify, report, and remediate all within the same automation.

Summary

BackBox eliminates the tedious, time-consuming, and error-prone activity of implementing CIS Benchmarks manually. Our pre-built automations, together with a no-code way to customize them or build new ones, arm network engineers with an easy and trusted approach to automating all aspects of compliance, including checks, remediation, reporting, and onboarding new devices.

Discover the advantages of BackBox today. Schedule a 30-minute demo for an interactive tour of the BackBox platform.
