In February 2022, CIS (the Center for Internet Security) released the Microsoft Windows Server 2022 Benchmark v1.0.0, which covers the 50+ new features, Group Policy settings (GPOs), capabilities and services introduced with Windows Server 2022. The document notes where Server 2022 matches or differs from Server 2019, and likewise where Windows 11 matches or differs from Windows 10.
Because the benchmark is so new, organizations will need a remediation and hardening solution, such as CalCom's Hardening Suite, that enforces CIS' current Microsoft Windows Server 2022 Benchmark.
CIS Benchmark guidelines
CIS benchmarks are consensus-developed sets of best-practice configuration settings that organizations use to 'harden' their digital assets. CIS currently publishes around 100 benchmarks in around 14 technology categories, covering products from vendors such as IBM, Microsoft, AWS and Cisco.
CIS benchmarks differ from other security standards in a few ways:
- CIS benchmarks are not regulatory requirements in themselves, but most major compliance frameworks reference them as accepted industry hardening standards.
- CIS benchmarks are developed by consensus among industry experts, including security vendors, subject-matter experts, the CIS benchmarking team and the global security community, through the CIS WorkBench platform.
- CIS benchmarks address the configuration of the asset itself (operating system settings, services, policies). They do not cover the deployment of separate defensive products such as EDR (Endpoint Detection and Response) platforms or network firewalls.
Based on the compliance and security needs of the organization, there are two distinct levels of CIS benchmarks:
- Level 1: designed to reduce the attack surface quickly with settings that are unlikely to affect business functionality or usability. These recommendations are the baseline level of security and compliance that every organization is expected to meet.
- Level 2: a stricter profile that maximizes security posture through 'defense in depth.' Level 2 settings may reduce functionality or require extra operational effort, so they are intended for environments where security is critical.
Implementing CIS Benchmarks
There are two main options for implementing CIS benchmarks:
- Downloading the CIS benchmark documents and applying the recommendations manually. This requires no tooling to get started, but it becomes highly labor-intensive as systems are upgraded and new assets are added, and every change has to be re-verified by hand.
- Using an automated solution to identify and resolve areas of non-compliance. Manual implementation is possible, but most organizations rely on an automated CIS benchmark tool because it makes the initial rollout faster and simpler and keeps systems compliant over time.
IT departments should use compliance, security and integrity tooling to reach and maintain compliance with the relevant CIS benchmarks quickly. Note that many such tools are scanners only: they can quickly identify areas of non-compliance, but they do not remediate them, and they say nothing about what a given change will break.
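The following script is an added example, not code from the original page, from CalCom or from CIS. It shows the minimal shape of an audit-and-remediate loop for a handful of registry-backed settings of the kind the Windows Server 2022 Benchmark recommends: by default it only reports drift, with -Remediate it writes the expected value, and with -WhatIf it shows what it would change. The titles, expected values and impact notes are assumptions made for the illustration; the authoritative recommendation IDs, values and Level 1/Level 2 assignment must be taken from the benchmark document itself.

```powershell
<#
Added example (not from the original page, CalCom or CIS).
Run from an elevated PowerShell session:
  .\Test-CisSample.ps1                      # report only, changes nothing
  .\Test-CisSample.ps1 -Remediate -WhatIf   # show what would be written
  .\Test-CisSample.ps1 -Remediate           # write the expected values
#>
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remediate)

# One hashtable per check: where the value lives, what it should be, and a note on
# what the change can break. Titles/values are assumed for the example; verify
# each against the benchmark PDF before relying on it.
$Checks = @(
    @{ Title    = 'Network security: LAN Manager authentication level (NTLMv2 only, refuse LM & NTLM)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name     = 'LmCompatibilityLevel'; Expected = 5
       Impact   = 'Clients and appliances that only speak LM/NTLMv1 can no longer authenticate' },
    @{ Title    = 'Network access: Do not allow anonymous enumeration of SAM accounts and shares'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name     = 'RestrictAnonymous'; Expected = 1
       Impact   = 'Tools that depend on null-session enumeration stop working' },
    @{ Title    = 'WDigest: do not keep plaintext credentials in LSASS memory'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
       Name     = 'UseLogonCredential'; Expected = 0
       Impact   = 'Low; only applications relying on WDigest single sign-on are affected' },
    @{ Title    = 'Configure SMB v1 server: Disabled'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name     = 'SMB1'; Expected = 0
       Impact   = 'Legacy clients (old printers, scanners, Windows XP/2003) lose access to shares' },
    @{ Title    = 'Microsoft network client: Digitally sign communications (always)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name     = 'RequireSecuritySignature'; Expected = 1
       Impact   = 'Connections to servers that cannot sign SMB traffic fail' }
)

function Test-CisSetting {
    param([hashtable]$Check)
    # A missing key or a missing value both count as non-compliant (Actual stays $null).
    $actual = $null
    if (Test-Path -Path $Check.Path) {
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($Check.Name) }
    }
    [pscustomobject]@{
        Compliant = ($actual -eq $Check.Expected)
        Expected  = $Check.Expected
        Actual    = $actual
        Value     = "$($Check.Path)\$($Check.Name)"
        Title     = $Check.Title
        Impact    = $Check.Impact
    }
}

function Set-CisSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param([hashtable]$Check)
    # ShouldProcess honours -WhatIf/-Confirm passed to the script, so nothing is
    # written in a dry run; the key is created if it does not exist yet.
    $target = "$($Check.Path)\$($Check.Name)"
    if ($PSCmdlet.ShouldProcess($target, "Set DWORD to $($Check.Expected)")) {
        if (-not (Test-Path -Path $Check.Path)) { New-Item -Path $Check.Path -Force | Out-Null }
        Set-ItemProperty -Path $Check.Path -Name $Check.Name -Value $Check.Expected -Type DWord
    }
}

$results = foreach ($check in $Checks) {
    $result = Test-CisSetting -Check $check
    if (-not $result.Compliant -and $Remediate) {
        Set-CisSetting -Check $check
        # Re-read so the report shows the post-change state, not the intended one.
        $result = Test-CisSetting -Check $check
    }
    $result
}

$results | Format-Table Compliant, Expected, Actual, Title -AutoSize
$drift = @($results | Where-Object { -not $_.Compliant })
foreach ($d in $drift) { Write-Warning "Drift: $($d.Title). Impact of fixing: $($d.Impact)" }
# Non-zero exit code = number of non-compliant checks, handy for scheduled runs.
exit $drift.Count
```

Two caveats a practitioner will hit immediately. First, these are local registry writes: on a domain-joined server any setting that Group Policy manages is overwritten at the next policy refresh, so the durable fix is to set it in the GPO (the benchmark lists the Group Policy path for every recommendation), and the local check is then only a way to confirm the policy actually landed. Second, a large part of the benchmark is not registry-backed at all: password and lockout policy, user rights assignments and advanced audit policy have to be read with secedit.exe /export, auditpol.exe /get, or the Group Policy cmdlets, which is why a few dozen lines like the above do not scale to the full benchmark and why the "what will this break" question (the Impact column here) matters more than the check itself.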
CalCom's automated hardening solution, CalCom Hardening Suite (CHS), enforces CIS' current Microsoft Windows Server 2022 Benchmark v1.0.0. CHS is designed to prevent outages and reduce hardening costs by reporting the impact of each hardening change on production services before it is applied. CalCom positions CHS as the solution for any enterprise that wants to implement CIS benchmarks quickly and cost-effectively and to maintain comprehensive, robust server security policies.