CIS Overview
What is CIS?
Center for Internet Security
CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.
What do the CIS roles do?
The roles follow the guide (benchmark) that CIS provides for the OS/platform/application. Each guide is different: some have in excess of 200 controls and apply to various parts of an OS/platform/application. CIS updates each guide regularly.
Note
CIS is often used when no appropriate released STIG version is available.
Control Severities
Controls are divided into groups based on the following properties:
Level 1: The majority of controls are at this level. These controls are considered to have a low impact on a system. Implementing them is considered a low to medium risk of disruption.
Level 2: These controls are considered high risk, with a chance of system disruption if implemented.
Note
Along with the level, the guide also gives the severity for servers vs. workstations. A control can be more severe for servers than for workstations, or vice versa. We tag each task with the full level: level1-server/level1-workstation.
Note
All of the default configurations should be adjusted via variable files, not within the tasks themselves.
remediation - defaults/main.yml
audit
  standalone - vars/CIS.yml
  combined - vars/[system_hostname].yml
For container environments, set is_container: true to skip controls incompatible with containers.
See Container Guide for details.