CIS Benchmark on Ubuntu

Comply with the most widely accepted baseline

The CIS benchmark has hundreds of configuration recommendations, so hardening and auditing a system manually can be very tedious. To drastically improve this process for enterprises, Canonical provides certified tooling for audit and automated compliance with the CIS benchmarks with Ubuntu Advantage and Ubuntu Pro.

Contact us Get Ubuntu Advantage

Harden your workloads

Hardening involves a tradeoff between security and usability. The default configuration of Ubuntu LTS releases, as provided by Canonical, balances between usability, performance and security. However, systems with a dedicated workload are well-positioned to benefit from hardening. Reduce your workload’s attack surface with CIS hardened Ubuntu.

Read more about Ubuntu CIS

Automate your compliance

Applying a baseline with a large set of instructions manually is not only time consuming but also error-prone. According to Verizon data breach investigations report for 2020, misconfigurations were among the top five reasons for data breaches. Apply more than 250 rules in less than 15 minutes while avoiding misconfigurations using tooling provided by Canonical that automates your CIS compliance.

Read more about Ubuntu’s tooling

Audit with OpenSCAP

An important aspect of secure asset configuration for compliance is monitoring. You need to verify that systems comply with the selected baseline and contain operating system software supported by the vendor. Ubuntu Pro and Ubuntu Advantage makes content available to audit and monitor systems with the OpenSCAP tool.

Read more about Ubuntu’s audit tooling

Configure and apply CIS hardening rules in minutes

The compliance tooling has two objectives: it lets our customers harden their Ubuntu systems effortlessly and then quickly audit those systems against the published CIS Ubuntu benchmarks. The SCAP content for audit tooling that scans the system for compliance is CIS certified.

Watch the video

Which versions of Ubuntu have CIS tooling?

Canonical provides certified OpenSCAP content for auditing systems for CIS benchmark compliance, as well as tooling to automate compliance.

Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS
Center for Internet Security (CIS) benchmarks

Access the Ubuntu CIS benchmark tooling Learn more about our tools

What is CIS?

The Center for Internet Security (CIS) is a non-profit organisation with a mission to “make the connected world a safer place by developing, validating, and promoting timely best practice solutions against pervasive cyber threats”. CIS uses a consensus process to release benchmarks to safeguard organisations against cyber attacks. The consensus review process consists of subject matter experts who provide perspective on different backgrounds like audit and compliance, security research, consulting and software development. The benchmarks are considered a necessary complement in the implementation of a cybersecurity framework, and are the most widely accepted Industry benchmarks to harden a system today. Canonical actively participates in the drafting benchmarks of Ubuntu including Ubuntu 16.04, 18.04 and 20.04. CIS has also published benchmarks for Ubuntu 12.04 and 14.04 releases.

What are the CIS Controls?

CIS controls, is a framework of security best practices, that harness the collective experience of the CIS subject matter experts from actual attacks and effective defenses. CIS controls are referenced by International and National frameworks such ETSI’s critical security controls, NIST Cybersecurity framework, and others.

How do benchmarks relate with CIS Controls?

The benchmarks map to CIS controls and are designed to additionally reduce the system’s attack surface to mitigate the most common attacks. For that reason, they are considered a necessary complement in the implementation of a cybersecurity framework, and are the most widely accepted Industry benchmark to harden a system today.

Contact us