CIS Benchmark Audit

Overview

A CIS Benchmark Audit achieves several important objectives related to cybersecurity and the overall security posture of an organization’s systems. 

CIS (Center for Internet Security) benchmarks are a set of best practices and guidelines for securing computer systems, networks, and cloud providers. A CIS Benchmark Audit covers over 100 secure configurations across the following categories:

  • Cloud providers (e.g., AWS, GCP, Azure, Oracle, Microsoft Office 365, Google Workspace)

  • Operating systems (e.g., Windows, Unix)

  • Server software (e.g., Web servers, Kubernetes, Databases)

  • Mobile devices (e.g., Apple, Android)

  • Network devices (e.g., Cisco, Palo Alto, Fortinet, Check Point)

  • Desktop software (Microsoft Office, Web browsers)

Have confidence that your infrastructure and sensitive information are safe by checking the status of your organization’s security and compliance posture against CIS benchmarks.

A CIS Benchmark Audit is conducted as follows:

1. Preparation and Planning:

  • Identify the scope and the requirements to get started

2. Benchmark Assessment Compliance:

  • Review the specific CIS benchmark documents relevant to the audited systems and platforms

  • Compare the configurations and settings of the assets in the inventory to the recommended benchmarks

  • Identify any deviations from the benchmarks and document them

3. Vulnerability Identification:

  • Analyze the deviations from the CIS benchmarks to identify potential vulnerabilities and security weaknesses

  • Assess the severity and potential impact of each identified vulnerability

4. Documentation and Reporting:

  • Create detailed reports that include findings, deviations from CIS benchmarks and the identified vulnerabilities

  • Provide recommendations and remediation steps for addressing the identified issues

  • Include evidence and supporting documentation for each finding

5. Verification and Validation:

  • After remediation, verify that the identified vulnerabilities have been addressed and configurations have been brought into compliance with CIS benchmarks

  • Validate that the implemented changes do not introduce new security issues

CIS Benchmark Audit Service Highlights

AWS

Identify misconfigured IAM policies, incorrect S3 bucket permissions, and overly permissive security group rules.

Azure

Precisely identify issues like permissive network security group rules, incorrectly configured Azure Storage access, and misconfigured Azure Active Directory policies.

GCP

Determine concerns such as overly permissive firewall rules, improper Google Cloud Storage bucket permissions, and incorrectly configured Identity and Access Management (IAM) roles in GCP.

Microsoft Office 365

Locate issues such as, but not limited to, improperly configured user permissions, lackluster email security settings, and vulnerabilities related to SharePoint and OneDrive configurations.

Google Workspace

Address concerns like improperly configured user access controls, inadequate email security settings within your organization, and vulnerabilities related to both Google Drive and shared documents.

Windows and Linux

Find misconfigured user permissions, inadequate system settings that may be putting your organization at risk, and vulnerabilities associated with the OS.

iOS and Android

Pinpoint issues such as insecure app permissions, insufficient data encryption, and vulnerabilities related to mobile application configurations.

Kubernetes

Offer remediation opportunities for misconfigured pod security policies, deficient network segmentation, and vulnerabilities associated with Kubernetes cluster configurations.

Why conduct a CIS Benchmark Audit?

Identify gaps in configurations where convenience has been prioritized over security
  • Enact proactive measures for robust protection

Ensure that findings are determined by risk ratings instead of a pass or fail
  • Prioritize high-risk issues over medium- and low-risk ones for attention and action

  • Payment Card Industry Data Security Standard (PCI DSS) Requirement 2

  • FISMA (U.S. National Checklist Program Repository)

  • Department of Defense Cloud Computing Security Requirements Guide

What People Say About Us

Adam B.

During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.

- Adam B.
  V.P. Engineering

Anonymous

PacketLabs gives the partner peace of mind and reassurance that their cybersecurity needs are taken care of. Their team is full of experts who go above and beyond the scope of the engagement.

- Anonymous
  Director of IT

Charlene

The result report was easy to follow and insightful, with recommendations on risk exposure and remediation. We would definitely recommend working with PacketLabs.

- Charlene
  Small Business Owner

Anonymous

Our experience with Packetlabs was very positive. They offer excellent service, communicated clearly with us throughout the process, and were very accommodating regarding our timelines. We highly recommend Packetlabs.

- Anonymous
  Human Resources

Ian W.

Since engaging Packetlabs, we've been confident in our ability to bid for Pentest engagements no matter the scenario, environment or requirement - they've made the whole process of scoping, quoting, and delivering (on time and on budget) seamless.

- Ian W.
  Security Sales Specialist

Anonymous

They shared the results with us in a management report. We discussed all the findings and how we could fix them in meetings, and they also provided us with optional solutions. They did everything remotely.

- Anonymous
  IT Infrastructure Manager

Anonymous

The team worked quickly to identify any issues, write up reports, and offer recommendations. Their friendliness set them apart and made them more of a partner than merely a service provider.

- Anonymous
  IT Director

Anonymous

Thanks to Packetlabs Ltd.'s excellent cybersecurity efforts, the company was able to resolve its vulnerabilities and establish its secure VPN tunnel. Their responsiveness and diligence were hallmarks of their work.

- Anonymous
  Manager

Anonymous

After performing extensive tests, Packetlabs Ltd. produced a thorough report that explained any potential security flaws. Accommodating schedule changes, the team supported effective collaboration.

- Anonymous
  Project Manager, ECEBC

Anonymous

Packetlabs Ltd. successfully identified new and preexisting issues, making it easy for the client to resolve them. The team often went above and beyond to explore issues further and provide valuable information for the client.

- Anonymous
  Sr Director Technology

Anonymous

From the first phone call to the tech interview and progress updates, they have demonstrated a complete understanding of our needs, are very proactive and responsive, and have clear communication.

- Anonymous
  Small Business Owner

Anonymous

Packetlabs Ltd. delivered exactly as requested, meeting the objectives of the project. Not only was the team able to complete the analysis quickly, but they were also open and honest throughout the entire process.

- Anonymous
  VP Engineering & Founder
