CIS Compliance: Automate to Accelerate

June 20, 2023

Shift your CIS compliance into automatic.

Imagine your CIS Benchmark process like it’s a car. At first, manual processes were the only way to drive. But manual transmissions required specialized skills to drive. So automatic transmissions came out. They didn’t operate perfectly at first… maybe you couldn’t drive in reverse. But within a few years, the technology was refined and shifting automation was an option you could choose. By 1957, most people in the US had shifted to automatic. It’s easier to learn, moves you from 0-60 faster and it takes the work out of driving.

CIS Benchmarks compliance automation works the same way. The technology has now been perfected over thousands of implementations. Soon it will reach its tipping point, just like automatic transmissions. With its machine-readable configurations, you can automate configuration management processes to transform your approach to security and compliance. You also combine the scanning, conflict resolution, compliance monitoring, and remediation all in one location, “under the hood.” Overall, it simplifies the compliance process and enables less skilled admins to drive:

  • Minimize conflicts and rollbacks.
  • Automate policy ingest and deployment processes.
  • Measure the impact of testing.
  • Eliminate drift.
  • Localize CIS Benchmarks.
  • Comply faster and easier than ever before.

Shifting Gears

CIS Benchmark compliance is cumbersome work that you can’t overcome by just “working harder.” Even people who have the technical background to do the work may not have the bandwidth to maintain the updates manually. Automating your CIS Benchmark compliance processes eliminates many of the frustrating trial-and-error challenges that the manual process creates.

Managing CIS Benchmark compliance is a technical, repetitive, machine-driven process. That makes it perfect for automation. Because it is user-friendly, your less-experienced admins can perform the CIS Benchmark implementation and remediation process, giving your senior-level staff more time to focus on critical tasks that require their skills. With everyone focusing on tasks that match their skill level, you get happier – and more productive – employees.

Check Your Timing Belt

Sometimes, CIS Benchmarks fall out of compliance, meaning that the configuration you had isn’t in place anymore or no longer provides the security you wanted. They are technical configurations updated regularly, usually quarterly, so you know that you’re going to have to remediate them on an ongoing basis. Additionally, compliance drift can happen at any time, because the everyday production support used to keep systems available can take Benchmarks out of compliance.

Most people are used to having separate processes to address CIS Benchmark issues in each of the following stages:

  • Development
  • Integration
  • Authorization and Accreditation
  • Deployment
  • Sustainment

This separation creates a lot of extra work and increases the overall costs. For example, if you find a CIS Benchmark conflict in the development phase, it could cost $1000 to fix. That amount seems like a lot of money until you realize that if you wait until the Authorization and Accreditation phase – or later – it can cost 100 times more. Once you get to those later stages in the life cycle, you must gain waivers because the CIS Benchmarks don’t play nicely with the applications.

If you know what CIS Benchmark conflicts are going to happen with an application or in your environment early on, you can make the necessary adjustment to code or configuration before completing the hardening process. With automation, you can test for conflicts easily and quickly at each application development phase, saving you time, frustration, and money in the long term.

Get Streamlined

The manual policy ingest and deploy processes add another layer of time-consuming, boring work for your admin. Just like shifting gears with a manual transmission while going uphill is a pain, so is the quarterly process of downloading, importing, and ingesting the CIS Benchmarks.

Every time CIS pushes out a new Benchmark, your admin must “filter on differences,” manually comparing new controls to the old controls. Since you’re only running the test against the changes, it takes less time, but that doesn’t mean it’s fast. Automation eliminates the manual work and streamlines the ingest and deploy process.

Take a Test Drive

While you might enjoy taking a new car for a test drive, your admin doesn’t enjoy testing new Benchmarks. CIS Benchmarks are numerous. Each one contains many discrete security controls that address various security issues, covering everything from operating system registries to audit policy configurations. To understand just how complex and time-consuming this process can be, consider that the CIS Benchmark for Windows 11 contains 508 controls. To avoid the painful testing process, many admins just create waivers so that they don’t have to manually test and identify the correct setting for each control.

With automation, your administrator can rapidly test every CIS Benchmark control for an operating environment, usually within 60 minutes. By eliminating the manual processes:

  • Your team no longer avoids testing
  • Auditors don’t have to review a long list of waivers
  • Your security is better

Prevent a Ticket

No one likes a speeding ticket. Not only do you end up paying money, but you also lose the time it takes to pull over, hand over your information, and have the officer write the ticket. When a CIS Benchmark control breaks something in an application or environment, your administrators lose time trying to fix things by correcting the process or “rolling back” the configuration to its previous state.

While it might be hard to imagine, manual rollback is more painful than the manual remediation process. Automated remediation and rollback give you the speed you want without getting you the time-consuming ticket. By simplifying the CIS Benchmark application, testing, correction, and documentation process, you get your security controls and configurations working faster.

Shift Into Automatic

The timing couldn’t be more perfect. CIS Benchmarks, while somewhat new to you, have been around for eons in the government, often under the guise of Security Technical Implementation Guides (STIGs). STIGs are just a slightly different, more complex version of CIS Benchmarks. So this kind of automation has been in use for over a decade, protecting some of the most sensitive data our country has.

SteelCloud’s ConfigOS Command Center is not only CIS-certified, it’s also the automation choice of 80% of the DoD for compliance. They eliminate 90% of the effort, 70% of the cost and 100% of the headache associated with compliance. And they beat manual processes in every category. To see how they make compliance easier and faster, schedule a test drive now.
