- From: Stuart Preston
- Subject: [chef] RE: CIS (Windows) Benchmarks
- Date: Mon, 28 Sep 2015 15:12:33 +0000

Hi Chris,

The Chef community already has started down the path with CIS - you should
check out the following for background:

https://supermarket.chef.io/cookbooks/audit-cis
https://www.chef.io/blog/2015/04/09/chef-audit-mode-cis-benchmarks/

As far as I know there is no single community-maintained version of the
Windows variant of CIS benchmarks yet.

Like you, we have spoken to a number of customers interested in creating
something, but the reality is that a decent compliance and auditing approach
is something that needs to be carefully designed with the customer's own
regulatory requirements and feedback mechanisms in mind. I would be
interested in collaborating on a shared approach. The current mechanism uses
Serverspec and RSpec as its approach; there may be alternative approaches
that are more suitable depending on the type of test taking place.

Stuart

-----Original Message-----
On Behalf Of Chris McClimans
Sent: 28 September 2015 15:43
Subject: [chef] CIS (Windows) Benchmarks

CIS puts out security benchmarks and guides to ensure compliance to a
'hardened' OS from the base put out by the OS vendors. Has anyone seen any
efforts within the Chef community to create a security policy cookbook that
checks for compliance against these (or similar) standards? I'm thinking of
picking something like this up, but it's a large undertaking and would
need interest from more than just one customer to fund it.

Windows Benchmarks:
https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.os.windows
Linux Benchmarks:
https://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks.os.linux
Database Benchmarks:
https://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks.servers.database
MSSQL Benchmarks:
https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.servers.database.mssql
(One of my current customers would benefit from Windows 2012r2 + MSSQL
security policy cookbooks)