CIS Benchmarks are a set of globally recognized, consensus-driven best practices for securely configuring IT systems, software, networks, and cloud infrastructure, intended to help security practitioners implement and safeguard these assets against evolving cyber threats. They are published by the Center for Internet Security (CIS). CIS Benchmarks are prescriptive configuration recommendations covering more than 25 vendor product families, and are developed through a consensus-based process involving communities of cybersecurity professionals and subject matter experts around the world.
CIS Benchmarks are designed to limit configuration-based security vulnerabilities in digital assets, and provide numerous benefits to an organization, including aiding compliance efforts by outlining best practices that align and comply with major regulations. They are internationally recognized as security standards for defending IT systems and data against cyberattacks, and are used by thousands of businesses to offer prescriptive guidance for establishing a secure baseline configuration.
Key features of CIS Benchmarks include:
- They relate specifically to the configuration of existing assets, and do not cover security defenses like firewalls and EDRs.
- They are developed by consensus between experts that include SMEs, security vendors, the CIS benchmarking team, and even the global security community via the CIS Workbench.
- Each CIS Benchmark includes multiple configuration recommendations based on one of two profile levels. Level 1 benchmark profiles cover base-level configurations that are easier to implement and have minimal impact on business functionality. Level 2 benchmark profiles are intended for high-security environments and require more coordination and planning to implement with minimal business disruption.
Organizations across all industries and geographies use CIS Benchmarks to help them achieve security and compliance objectives. CIS Benchmarks align closely with security and data privacy regulatory frameworks including the NIST Cybersecurity Framework, the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and ISO 27001. While it is possible to implement CIS Benchmarks manually, most organizations use an automated CIS Benchmark tool to make it faster and easier to implement and maintain compliance with the CIS Benchmarks[[6]](https://www.cimcor.com/blog/why-cis-benchmarks-are-critical-for-sec...