What is CIS Level 1 Benchmarks

What is the CIS Level 1 Benchmarks?

The CIS Level 1 Benchmarks are a set of over 280 cyber security standards and recommendations from the Center for Internet Security. Organizations, businesses, and governments use the benchmarks to build better cyber security prevention, protection, response, and recovery programs.

The Center for Internet Security creates and manages the CIS benchmarks to support businesses and other organizations with a guide to better cyber security procedures. 


What is the Center for Internet Security?

The Center for Internet Security is a non-profit organization that works with governments to develop cyber security standards. Their mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats. The standards they created for businesses are the CIS benchmarks. 

The organization started in 2000 with its first member. It has grown as a community of IT professionals focused on improving cyber security programs across the world during the last 20 years. Governments and insurance agencies use the CIS Benchmarks as a standard for regulatory compliance as a result. It is not surprising due to the increasing cost of cyber attacks a their frequency. 


What is the CIS Level 1 Benchmarks?

The CIS benchmarks is a list of settings that need to be changed to be compliant to cyber security regulations. The benchmarks make up of Level 1, Level 2 , and the BitLocker (BL) settings and best practices. Level 1 Benchmarks is the baseline of CIS Benchmarks. Level 2 Benchmarks is the highest level of the security benchmarks as well as the most difficult to maintain. BitLocker is an additional set of standards for BitLocker configurations.

Level 1 Benchmarks is a cyber security baseline. It covers the basic security settings and procedures for security every device in your network. The benchmarks subsequently cover every Operating System and device type. 

Level 2 Benchmarks is a highest standard of the CIS benchmarks. It is an intensive set of cyber security procedures and settings. This level of benchmarks are used by organizations and businesses needing the highest form of security. 

BitLocker (BL) settings and procedures are an addition to the benchmarks by the Center for Internet Security. They recommend BL as an optional set of added protection. CIS has also set the BitLocker (BL) settings as optional for organizations around the globe.


How are the CIS Benchmarks Used?

Businesses and Governments use the CIS Benchmarks as a baseline for their cyber security programs. Most businesses also apply the CIS Benchmarks as a part of the NIST and ISO standards as well. The Benchmarks are split up into several categories of devices with benchmarks designed for each operating system. The Center of Internet Security creates the benchmarks for MacOS, Linux, Windows, and other operating systems as well. Find the benchmarks for your device on the Center for Internet Security benchmarks page.

The cis benchmarks put into practice. the Center for Internet Security has outline these benchmarks as an essential baseline for cyber security professionals and businesses. CIS Level 1 is used by governments to assess businesses and organizations cyber security programs.


Why Use the Benchmarks?

The CIS Benchmarks prevent and protects against cyber attacks and aids in the response as well as aiding recovery efforts after a cyber attack. The Benchmarks prevents cyber attacks with its security recommendations as long as they are in place. It protects against cyber attacks by reducing the attack surface to avoid common access points that a hacker can use. Cyber security professionals also respond quicker by knowing the benchmarks are in place and any changes to settings outlined by the benchmarks raise a red flag. Organizations and businesses recover from cyber attacks quicker with the benchmarks in place because they can fix the vulnerabilities quicker. 


Next Steps: How to Become CIS Benchmark Compliant?

Businesses apply the CIS Benchmarks by using software that changes the settings for the or changing the settings manually. They first determine whether they need level 1 vs level 2 benchmarks. Second, they use configure their devices with the benchmarks. Thirdly, they monitor the benchmarks and continually update their usage.

CIS Benchmarking software aids the process to become CIS Compliant. These resources make it easier to become compliant:

Rapid 7 – InsightVM

Secure My Desktop – CIS Level 1 Benchmark Tool