We’ve all had to lock down a workstation, server or application for security/audit purposes and wondered where to start. I recently stumbled across the Center for Internet Security (CIS) Benchmark program, which provides vendor-agnostic advice and tools for assessing and improving the security of servers and applications. The CIS program can help public and private organisations to meet compliance standards for FISMA, PCI, HIPAA and a lot more.
Behind the scenes of CIS there is a group of IT security experts who give their time and knowledge to provide information and tools that benefit the rest of the IT community.
The CIS provide a Java-based assessment tool that you can run on your workstations or servers to assess the potential security holes within them.
Once you download the tool from their website and run it, you are confronted by a list of current benchmark standards you can run against your device. In this case I am running the tool against my Windows 10 workstation.