Center for Internet Security

The Center for Internet Security (CIS) is a community of organizations and individuals seeking actionable security resources. As a member of this community, the university has access to Consensus Security Configuration Benchmarks, Scoring Tools, and Consensus Security Metric definitions.

Using CIS Tools and Resources for System Hardening

To get started using tools and resources from CIS, follow these steps:

1. Visit CIS Benchmarks to learn more about available tools and resources.
   
   
2. Create an account. Use your USC email address to register to confirm that you are a member of the USC community. Respond to the confirmation email and wait for the moderator to activate your membership.
   
   
3. Log in to CIS Community to download and review CIS benchmarks for your platforms (Note: Mac OS X is listed under Unix). Benchmarks are available as PDF reference worksheets for system hardening.
   
   
4. Download the CIS-CAT Benchmark Assessment Tool (available on the  member website) and run against a system you would like to secure. This cross-platform Java app examines your system and produces a report comparing your settings to the published benchmarks.
   
   
5. Develop system hardening practices based on the benchmarks and CIS-CAT Scoring Tool results. You can use additional CIS tools available to members, such as Windows GPOs, to assist with system hardening. In some cases, you may need to deviate from the benchmarks in order to support university applications and services. 

Getting Help

CIS maintains documentation and a short instruction video on using the CIS-CAT Benchmark Assessment Tool, so if you have difficulty with the tool, review these documents first. For other questions, use the CIS member forums or contact  security@sc.edu for help using the CIS benchmarks for system hardening.