ICT has invested in a membership in the Center for Internet Security on behalf of the university. This membership allows the university to redistribute CIS Security Configuration Benchmarks internally to our employees. These benchmarks represent user-originated, consensus-based best practices for the secure configuration of many common IT devices, operating systems and applications. They are widely accepted within government, business, industry, and academia, and are kept continually up to date.
University employees who manage IT services for their college, department or administrative unit are encouraged to take advantage of these benchmarks and use them as the basis for security configuration policies within their area of responsibility. At a minimum, the benchmarks are well worth a one-time review to see how they compare against existing practices for secure configuration of IT assets. Benchmarks can be accessed using the links below (NSID login required).
For those implementing CIS benchmarks, our membership also provides access to a suite of assessment tools that can be used to measure conformance. The tools can be used to create standard configuration images for hardening systems prior to deployment, and to assess security on an ongoing basis.
In addition to these tools, conformance can be measured with commercial vulnerability and configuration assessment tools such as Nessus. ICT already uses Nessus to perform quarterly vulnerability scans of critical university IT assets. To further support the use of CIS benchmarks, ICT is now providing Nessus-based benchmark assessments to colleges, departments and administrative units wishing to test their configurations prior to deployment. These assessments are provided free of charge, are informational in nature, and do not compel the adoption of any particular benchmark or portion thereof.
If you would like to discuss the CIS Security Configuration Benchmarks or schedule an assessment, please email firstname.lastname@example.org.
CIS Security Configuration Benchmarks (NSID login required):