Use CIS Benchmarks to Track Cyber Compliance in OpenRMF Professional

CIS benchmarks turned into Checklist Templates in OpenRMF Professional v2.8

CIS Benchmarks

If you are coming from the US Federal or DoD world, you are probably familiar with DISA-based checklists. They have been used for a while now to record the results of automated scans against DISA benchmarks, and you likely have a bunch of them in the system package you are tracking (ATO, ATC, IATT, Type Accreditation).

Creating Checklists to Match the CIS Benchmarks

To make one of these checklist templates that matches your CIS benchmark results (the results will be a .nessus file), go to Templates → Upload CIS audit definition file and load the file. Done. Our templating engine parses the file, matches the checks defined in the .audit file, and creates a CIS-based custom checklist for you to use in seconds.

Upload the .audit file you use for your CIS benchmark to make a checklist template that matches your results

Uploading Your Results

To get your results into your system package, you can upload them through the GUI or use the API. Or, new in v2.8, you can import directly from your Nessus scan using the integration set up in your system package. Connect your scanner via its API through our GUI, list the folders, find your scan, and click the import button.

Tracking CIS benchmark scan results in your new checklist

Track Compliance, POAM, Vulnerabilities, and Reporting

When you uploaded your .audit file, the mapping of those benchmark checks to NIST 800-53 controls was done automatically for you. You can edit the checklist template in the Templates area and adjust the controls and CCI items to add or remove relationships, further customizing that CIS checklist template. You can even add extra manual checks with our editor to tailor the checklist to what you and your team require.
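As an added illustration of the two steps described above (parsing the .audit file into checklist items, then mapping each item to its NIST 800-53 controls), here is a small Python sketch. It is not OpenRMF Professional's code; it assumes Tenable's .audit layout of `<custom_item>` blocks with `description` and `reference` fields, and the sample file content is constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in Tenable .audit syntax; not a real CIS benchmark file.
SAMPLE_AUDIT = '''
<check_type: "Unix">
<custom_item>
  type        : CMD_EXEC
  description : "1.1.1 Ensure mounting of cramfs filesystems is disabled"
  reference   : "800-53|CM-7,CIS_Recommendation|1.1.1,CSCv7|9.2"
  cmd         : "/sbin/modprobe -n -v cramfs"
  expect      : "install /bin/true"
</custom_item>
<custom_item>
  type        : FILE_CHECK
  description : "5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured"
  reference   : "800-53|AC-3,800-53|CM-6,CIS_Recommendation|5.2.1"
  file        : "/etc/ssh/sshd_config"
  mask        : "177"
</custom_item>
</check_type>
'''

ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
# One "key : value" line; quotes around the value are optional in the format.
FIELD_RE = re.compile(r'^\s*(\w+)\s*:\s*"?(.*?)"?\s*$', re.M)

def parse_audit(text):
    """Return one dict of fields per <custom_item> block."""
    return [dict(FIELD_RE.findall(body)) for body in ITEM_RE.findall(text)]

def controls_from_reference(reference):
    """Extract the NIST 800-53 control IDs from a comma-separated reference string."""
    controls = set()
    for ref in reference.split(","):
        framework, _, ident = ref.strip().partition("|")
        if framework == "800-53" and ident:
            controls.add(ident)
    return sorted(controls)

def build_checklist(audit_text):
    """Return (rows, control_index): a checklist row per check, plus the checks behind each control."""
    rows, control_index = [], defaultdict(list)
    for item in parse_audit(audit_text):
        row = {"description": item.get("description", ""),
               "check_type": item.get("type", ""),
               "controls": controls_from_reference(item.get("reference", "")),
               "status": "not reviewed"}  # placeholder until scan results are uploaded
        rows.append(row)
        for ctrl in row["controls"]:
            control_index[ctrl].append(row["description"])
    return rows, dict(control_index)
```

The control index is what lets a compliance view answer "which CIS checks cover CM-6?" before any scan results arrive.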

Check out OpenRMF Professional v2.8!

Soteria Software’s OpenRMF Professional is revolutionizing the way you track RMF, FedRAMP and Cyber Compliance through automation! Whether you are tracking RMF and FedRAMP by themselves right now, automating in a DevSecOps process, need a cyber compliance engine for your Software Factory, or are migrating from on-premises to cloud infrastructure — OpenRMF Professional can help ease the workload and get you there faster.

Dale Bingham

CEO of Soteria Software. Developer on OpenRMF. Software Geek by trade. Father of three daughters. Husband. Love new tech where it fits. Follow at @soteriasoft