Preparing Organizations for CIS Benchmark Compliance

BackBox has fully customizable CIS Benchmark compliance automations for major network equipment providers supported by the Center for Internet Security. What does that mean?
Whether you’re just beginning with CIS Benchmark compliance or already have an established program, we can support you right from the start with a gap analysis, reporting, and both automated and manual configuration-drift remediation.
These automations are beneficial for both enterprises and service providers and can be customized to fit your specific needs. For instance, if a CIS Benchmark recommends a password length of 8 characters but you prefer 10, you can modify the automation while still benefiting from all the analysis, reporting, and configuration drift remediation.
What are the CIS Benchmarks?
The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations’ technologies against cyber attacks.
One area of benchmarks is network devices, including:
- Check Point Firewall
- Cisco
- F5
- Fortinet
- Juniper
- Palo Alto Networks
These benchmarks are available in two forms: a PDF document outlining the requirements for various levels of compliance, or hardened images that can serve as starting points for secure golden configurations.
How can BackBox help?
With BackBox, we offer over 2,300 pre-built, easily customizable automations in our Automation Library™. Hundreds have been added to support CIS Benchmark compliance, so you don’t have to create them manually from the PDF benchmarks.
Even if you used the hardened images, you would still prefer BackBox because it helps manage configuration drift, with detailed reporting and notifications to ensure that network operations hygiene is maintained and improved over time.
BackBox automations are unique. No scripting is needed. Anyone who can configure a device via the command line or API can modify or create a BackBox automation.
BackBox and CIS Compliance
By utilizing these ready-to-use CIS Benchmark automations, enterprises and service providers can achieve three key objectives:
- Get started with CIS compliance. Within minutes of starting, a gap analysis can be generated across all devices to determine where configuration changes are required to harden them and secure the network.
- Monitor the status of CIS compliance. The gap analysis automation generates a report detailing which devices are out of compliance, which rules they fail, and what remediation is necessary. This report serves as a great start to a project plan for bringing devices into compliance and also helps teams monitor the state of compliance. Of course, notifications are available, as is integration with ITSMs, so any drift from compliance can be properly propagated to the appropriate teams for remediation.
- Automatically remediate compliance drift. Each automation can have remediation activated so that compliance drift is addressed automatically. Like all features of BackBox, notifications can be sent to alert operators when drift is resolved, helping them understand the reasons behind network changes and address the root causes of compliance drift. It’s not an all-or-nothing approach either. It’s quite feasible (and straightforward!) to set up some automations to auto-remediate when compliance checks fail, while other, more complex changes may simply trigger a notification for manual intervention.
These automations not only ensure compliance with regulatory requirements, best practices, and standards, but also help enforce your Golden Config templates. BackBox ensures that your configurations align with best practices and, if they do not, can remediate and implement those changes to your devices.
In the future
BackBox introduces new pre-built automations each month, many of which specifically target the heightened cybercrime activity the company has observed linked to vulnerabilities and breaches in network infrastructure.
Networks must be updated according to the latest CIS guidelines, which is essential for MSPs, MSSPs, and service providers of all types that are responsible for keeping their clients’ networks secure. Without these automations, you face a significant amount of manual and administrative work, with a high potential for human error.
You don’t need to update your version of BackBox to download the CIS Benchmark automations. Simply go to support and download the package(s) you need. Alternatively, contact support and we will be happy to assist you.
If you’re not currently using BackBox, explore its benefits today. Book a 30-minute demo for an interactive tour of the BackBox platform.