gregb
Jul 27, 2023 - Copper Contributor
Windows 11 22H2, Server 2022 Baselines - CIS Level 1
Are the security baselines downloaded in the SCT "CIS Level 1"? I've used the Policy Analyzer to compare the group of baseline GPOs (all the ones in the \GPOs\ folder) to the 'current environment' us...
JimSeaman520
Jul 02, 2024 - Copper Contributor
gregb, in PCI DSS v4.01, one of the PCI DSS Requirements (2.2.1) requires the assessed entity to have documented configuration standards that are consistent with industry-accepted system hardening standards or vendor hardening recommendations.
CIS is one hardening standard; Microsoft's are another.
https://learn.microsoft.com/en-us/compliance/regulatory/offering-CIS-Benchmark
If an entity has used the CIS Benchmarks, it is recommended that the CIS CAT Tools are used to audit the configurations, e.g.,
- https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro
- https://learn.cisecurity.org/cis-cat-lite