pilotport.blogg.se

CIS benchmark macOS














Using CIS Benchmarks in your Vulnerability Management Strategy

While vulnerability management is one of the few preventative practices in security, vulnerability patching is still reactive. It’s a never-ending cycle of vulnerabilities being discovered, vendors releasing patches, and remediation teams applying patches to remediate those vulnerabilities. And while vulnerability management prevents breaches, it is still a reactive process. The CIS benchmarks, however, are proactive.

The CIS benchmarks are a common standard used for system hardening, which is sometimes also called policy compliance. Think policy as in ‘Group Policy’ in Microsoft Windows, not security policy or remediation policy. CIS is an acronym for Center for Internet Security, which is a vendor-neutral consortium that collects best practices for system hardening and configuration to improve security. The number of participants has grown over the years, and now includes some vulnerability scanner vendors, as well as operating system vendors.

By using these benchmarks to disable components of a system that you are not using, you make the system much more difficult to exploit. The thing an attacker wants to target isn’t running, so the attacker first has to enable the vulnerable component and then attack it. This system change makes it much more difficult for an attacker to be in the position to do that.

If your remediation teams wish they didn’t have to patch as frequently, applying the appropriate benchmarks across your enterprise may be part of the cure they are looking for.

Another use I have seen in my role at Nucleus is Sarbanes-Oxley compliance. The requirements for Sarbanes-Oxley regarding computer systems tend to be rather vague.













