CIS Policy
The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors. The practical CIS Benchmarks support available high level standards that deal with the "Why, Who, When, and Where" aspects of IT security by detailing "How" to secure an ever widening array of workstations, servers, network devices, and software applications in terms of technology specific controls. CIS Scoring Tools analyze and report system compliance with the technical control settings in the Benchmarks. The CIS Benchmarks and Scoring Tools are available for download free of charge to the Internet community from http://www.cisecurity.org/index.html.
Platforms/Applications:
AIX, HP-UX, Red Hat, Solaris, SUSE, Windows (2000 server, 2003 server, 2003 Domain Controller, etc.), Cisco (IOS & PIX), MS SQL, Oracle, Exchange, IIS, VMware
