In my time as a systems engineer in the insurance industry, I learned a lot about compliance programs and the challenges that organizations face to ensure infrastructure is compliant. Audits were time-consuming and handoffs between security, compliance, and infrastructure operations teams were always challenging. The endless list of regulatory requirements was difficult to keep up with and trying to reconcile that endless list and turn it into policy configuration felt overwhelming and never-ending.

These challenges and countless others are the reason that CIS (Center of Internet Security) started developing the CIS Benchmarks. CIS strives to develop and promote best practice solutions that empower businesses all over the world to protect themselves against cybersecurity threats.

My colleague, Andrew Jones, recently pointed out in a blog post that the CIS benchmarks have been adopted by many organizations as the standard against which to measure their systems.

So, why is CIS the standard to measure against?

CIS uses a consensus-driven approach to develop its benchmarks

This two-step process starts with cybersecurity and system experts, who define, review and test the recommendations. Once consensus is reached, feedback is accepted from a wider range of cybersecurity professionals from around the world. This process ensures that the benchmark is truly a best practice that has been well-refined and tested to ensure security and compliance.

CIS Benchmarks align with many of the major regulations that are required for various industries

With so many different regulations to keep up with, it’s no wonder that companies fall behind in compliance. CIS has aligned its benchmarks against many regulatory frameworks, enabling companies to utilize the benchmarks to gain best practices from CIS that help them achieve compliance against the regulations that apply to them.

CIS Benchmarks are globally recognized and accepted

The CIS Benchmarks are accepted by government, business, industry and academia globally. According to Dilligent Insights, “CIS draws members from a range of backgrounds including private companies, government, and research institutions” and “provides a range of tools, resources and programs to enable best-practice IT governance within organizations and government.” With over 100 benchmarks in 14 technology groups, organizations can be sure their security and compliance needs are covered!

Puppet Comply and CIS

Puppet Comply utilizes the CIS-CAT pro scanner to assess your IT infrastructure against the CIS Benchmarks so you can get a clear view of your overall compliance. Puppet recognizes that CIS is the gold standard and when developing our compliance solution, partnering with CIS was the right move for our customers. Pairing CIS Benchmarks with Puppet’s powerful automation capabilities goes a long way towards a more compliant and secure infrastructure.

Amanda Breese is a Senior Product Manager at Puppet.

Learn more

• Learn how to simplify and automate your compliance program with Puppet and the CIS Benchmarks.
• Visit our Comply product page to learn more about our solution.