Information Technology Unit IT Security Office
CIS SECURITY BENCHMARK TOOLS

The IT Security Office is now providing access to the Center for Internet Security (CIS) "Security Benchmarks" Tools for Mason's Systems Administrators. Mason is currently a member through the IT Security Office.  So, in addition to the free resources provided by CIS Security Benchmarks, once you are registered, you will have access to all the materials available exclusively to members.

What are CIS Security Benchmark Tools?
How do I access the tools?
Where can I find more information?

What are CIS Security Benchmark Tools?

The CIS Security Benchmarks division provides well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security. Resources include secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications. 

The Security Benchmarks division is recognized as a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions.

The CIS Security Benchmarks Division develops and distributes:

  • Security Configuration Benchmarks - describe consensus best practices for the secure configuration of target systems and are developed via extensive collaboration with our volunteer consensus community. Configuring IT systems in compliance with these Benchmarks has been shown to eliminate 80-95% of known security vulnerabilities. The Benchmarks are globally used and accepted as the de facto user-originated standard for IT security technical controls. The Benchmarks are freely available for download in PDF format.

  • Security Metrics - offer enterprise IT and security teams insight into their own security process outcomes and are developed via extensive collaboration with our volunteer consensus community. The metrics are freely available to the public for download, including the CIS Quick Start Guide for Consensus Security Metrics.

  • The CIS-CAT Benchmark Assessment Tool - provides IT and security professionals with a fast, detailed assessment of target systems' conformance to CIS Benchmarks. By discovering any lack of conformance to CIS Benchmarks, CIS-CAT offers enterprises a powerful tool for analyzing and monitoring the security status of information systems and the effectiveness of internal security processes.

For a full list of resources offered, along with descriptions and examples, please visit the CIS Security Benchmarks Security Resources page.

CIS Benchmark Tools Orientation Presentation

>>back to top

How do I access the tools?

The CIS Security Benchmark Tools are available to Systems Administrators within the Mason community. To register, go here and complete the registration form. You must have a valid Mason e-mail address. After a simple account validation step, you will receive an e-mail indicating that your registration has been activated, along with a temporary password. You can then enter the site.

Below are some next steps you may want to take once you have registered:

  1. Log in to the collaboration site with the credentials you received
  2. Click the Profile link in the upper right hand corner
  3. Click the “Change Password” tab
  4. Enter a new password
  5. To join a consensus team, select Profile -> Options -> Manage Projects
  6. To access CIS member only downloads, click the Downloads button at the top of the screen.


Direct Links:

Membership Registration Form: http://benchmarks.cisecurity.org/membership/register/
Login: https://community.cisecurity.org/collab/public/index.php?path_info=login&re_route=homepage 

>>back to top

Where can I find more information?

If you have any questions about registration or accessing the tools, you can contact Sarah Morehouse at smoreho3@gmu.edu or via phone at 703-993-2906. 

For more information about CIS Security Benchmarks, you can visit their web site at http://benchmarks.cisecurity.org.

>>back to top