CIS Benchmark on Ubuntu

Comply with the most widely accepted Linux baseline

The CIS benchmark has hundreds of configuration recommendations, so hardening and auditing a Linux system or a kubernetes cluster manually can be very tedious. To drastically improve this process for enterprises, Canonical provides Ubuntu Security Guide (USG) for automated audit and compliance with the CIS benchmarks. Available with Ubuntu Pro on-premise or on public clouds.

Contact us Get Ubuntu Pro

Harden your Linux workloads

Hardening involves a tradeoff between security and usability. The default configuration of Ubuntu LTS releases, as provided by Canonical, balances between usability, performance and security. However, systems with a dedicated workload are well-positioned to benefit from hardening. Reduce your Linux workload’s attack surface with CIS hardened Ubuntu.

Automate your compliance

Applying a baseline with a large set of instructions manually is not only time consuming but also error-prone. According to Verizon data breach investigations report for 2021, misconfigurations were among the top five reasons for data breaches. Apply more than 250 rules in less than 15 minutes while avoiding misconfigurations using Ubuntu Security Guide that automates your CIS compliance.

Audit with Ubuntu Security Guide

An important aspect of secure asset configuration for compliance is monitoring. You need to verify that systems comply with the selected baseline and contain operating system software supported by the vendor. Ubuntu Pro makes the Ubuntu Security Guide available to audit and monitor systems with the OpenSCAP tool.

Get Ubuntu Pro Learn more about Ubuntu Security Guide

Configure and apply CIS hardening rules in minutes

The compliance tooling has two objectives: it lets our customers harden their Ubuntu systems effortlessly and then quickly audit those systems against the published CIS Ubuntu benchmarks.

Which versions of Ubuntu have CIS tooling?

Canonical provides OpenSCAP content for auditing systems for compliance with Center for Internet Security (CIS) benchmarks, as well as tooling to automate audit and compliance with the Ubuntu Security Guide.

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
Get CIS tooling with Ubuntu Pro Learn more about Ubuntu Security Guide

How does Charmed Kubernetes comply with CIS benchmarks?

Charmed Kubernetes brings not only extensibility and fully automated operations but is designed to comply with the Kubernetes CIS benchmark by default. It further includes tooling to track cluster compliance.

Read more about Kubernetes and CIS

What is CIS?

The Center for Internet Security (CIS) is a non-profit organisation with a mission to “make the connected world a safer place by developing, validating, and promoting timely best practice solutions against pervasive cyber threats”. CIS uses a consensus process to release benchmarks to safeguard organisations against cyber attacks. The consensus review process consists of subject matter experts who provide perspective on different backgrounds like audit and compliance, security research, consulting and software development. The benchmarks are considered a necessary complement in the implementation of a cybersecurity framework, and are the most widely accepted Industry benchmarks to harden a system today. Canonical actively participates in the drafting benchmarks of Ubuntu LTS releases.

What are the CIS Controls?

CIS controls is a framework of security best practices that harness the collective experience of the CIS subject matter experts from actual attacks and effective defenses. CIS controls are referenced by International and National frameworks such ETSI’s critical security controls, NIST Cybersecurity framework, and others.

How do benchmarks relate with CIS Controls?

The benchmarks map to CIS controls and are designed to additionally reduce the system’s attack surface to mitigate the most common attacks. For that reason, they are considered a necessary complement in the implementation of a cybersecurity framework, and are the most widely accepted Industry benchmark to harden a system today.

Contact us