Secure Baseline scanning to identify and fix configuration weaknesses in operating systems
Secure baseline scans are designed to find configuration gaps and security weaknesses in operating systems, using specific security frameworks as comparison benchmarks. Security teams can perform these scans to compare different OS configuration settings against the baseline controls recommended by security frameworks, and make the changes necessary to harden configuration and reduce their organizations’ attack surface. Along with configuration hardening for improved security, secure configuration assessments also help organizations meet the compliance requirements relevant to their industries.
CYRISMA uses the Center for Internet Security’s (CIS) Benchmarks and DISA’s Secure Technical Implementation Guides (STIGs) as the benchmarks for secure configuration scanning to protect both commercial and government entities against breaches. The systems being scanned are put through hundreds of tests under different policy categories and assigned performance grades based on the test results. Scan results include detailed recommendations to fix misconfigurations and close security gaps, and the functionality to create and execute mitigation plans from within the CYRISMA platform.
What can you scan?
CYRISMA’s secure baseline scans can be performed on all versions of Windows, Linux and Mac operating systems (OS). Users can choose between scans based on the CIS Benchmarks and DIS STIGs and deep dive into configuration settings tied to specific policy categories like network security, password policy, WLAN settings, group policy, etc. The platform also allows teams to set up mitigation plans based on detailed recommendations, assign mitigation actions to specific team members, and track baseline trends over time to improve performance and maintain a strong security posture.
Monitor Configuration Drift
Using a single framework for secure configuration ensures consistent configuration settings across systems and machines regardless of computing environment and location. This may be affected over time as changes are made to hardware or software without a proper reporting or tracking mechanism, causing what is known as “configuration drift” or inconsistencies and gaps emerging in secure configuration. With CYRISMA, organizations can schedule regular secure baseline scans and compare new scan results against historical data to quickly spot and fix configuration drift, bringing errant systems back under the security policy’s control.
The Power of CYRISMA
Optimize Cyber Risk Management with our multi-feature SaaS platform
CYRISMA allows you to Discover, Understand, Mitigate, and Manage cyber risk with efficiency and speed