CIS Benchmark Assessment.
Configuration hardening reviews against the latest CIS benchmarks - OS, database, container and cloud baselines, mapped to your control framework.
Three approaches. One uncompromising standard.
Choose the depth of engagement that matches your risk profile and reporting needs.
CIS Level 1
The recommended starting baseline - controls that materially reduce risk with minimal operational impact.
- Account & authentication hygiene
- Service hardening
- Logging & audit defaults
- Patch & update enforcement
CIS Level 2
Defence-in-depth controls for environments handling regulated data or operating under elevated risk.
- L1 controls in full
- Cryptographic hardening
- Network segmentation enforcement
- Mandatory-access-control review
Custom mapping
CIS coverage mapped to your applicable framework (ISO 27001, SOC 2, PCI-DSS, HIPAA) with audit-ready evidence.
- ISO 27001 / SOC 2 mapping
- PCI-DSS scope alignment
- HIPAA control crosswalk
- Evidence pack for auditors
The full surface - tested manually.
Four ways to scope this service.
OS Baselines
Hardening review of Linux distributions and Windows Server fleets against CIS OS benchmarks.
- Ubuntu / RHEL / Debian baselines
- Windows Server 2019/2022
- Domain & workgroup configurations
Database Baselines
Configuration review for relational database deployments handling sensitive data.
- PostgreSQL / MySQL benchmarks
- SQL Server & Oracle baselines
- Authentication & encryption coverage
Container & Kubernetes
Container runtime and cluster benchmarks - EKS, AKS, GKE and self-hosted.
- Docker / containerd baselines
- Kubernetes Benchmark coverage
- Pod Security Admission review
Cloud Foundations
AWS, Azure and GCP CIS Foundations Benchmarks - the baseline auditors expect.
- AWS Foundations Benchmark
- Azure Foundations Benchmark
- GCP Foundations Benchmark
Six clearly defined phases.
From scoping call to remediated environment - each step has a deliverable, a check-in and a documented owner.
Define Scope
Goals, asset inventory, RoE and success criteria.
Information Gathering
Recon, fingerprinting and threat modelling.
Identification
Vulnerability discovery and validation.
Attack & Penetration
Manual exploitation & chain analysis.
Reporting
Executive & technical deliverables.
Remediation Support
Fix guidance & debrief session.
Outcomes you can measure.
Level 1 & Level 2
Choose the right profile per asset.
Audit-ready evidence
Control-by-control attestation.
Playbook delivery
Step-by-step remediation per finding.
Continuous re-baseline
Optional quarterly refresh.
Deliverables.
Executive summary
Board-ready overview - risk posture, business impact, recommended priorities.
Technical report
Every finding with reproduction steps, evidence, CVSS & business-impact scores.
Remediation tracker
Jira / Linear-ready issue list with severity, owner and acceptance criteria.
About CIS Benchmark Assessment.
Is this a compliance audit?
Do you implement the fixes?
Which benchmark versions do you use?
Can you scan continuously?
Do you cover custom internal baselines?
Let's scope your CIS Benchmark Assessment.
A 30-minute call. A fixed quote within two business days.