Description of Cyberwatch compliance repositories

This documentation provides a description of repositories available by default in Cyberwatch.

CERTFR_AD

CERTFR_AD is an implementation of the Active Directory hardening guide developed and maintained by the ANSSI. Cyberwatch provides this repository by default for the compliance analysis of Active Directory assets according to ANSSI’s rules.

CIS_Benchmark

The CIS (Center for Internet Security) is a recognized IT security entity. It is responsible for developing and maintaining the CIS Controls® and CIS Benchmarks™ guides, globally recognized best practices for securing IT systems and data.

These best practices are gathered in guides published per operating system. The CIS also develops a set of technical information and scripts that make it possible to check assets’ compliance with the rules published in the CIS Benchmark.

Cyberwatch uses and implements these scripts in some of its default repositories.

The CIS_Benchmark repository, present by default in Cyberwatch, contains all CIS Benchmark rules implemented in Cyberwatch. It gathers a set of rules applicable to different operating systems (Windows and Linux).

CIS_Benchmark_level_1

This repository gathers all level 1 CIS Benchmark rules, the levels being defined by the CIS.

From the CIS website:

“The Level 1 profile is considered a base recommendation that can be implemented fairly promptly and is designed to not have an extensive performance impact. The intent of the Level 1 profile benchmark is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.”

CIS_Benchmark_level_2

This repository gathers all level 2 CIS Benchmark rules, the levels being defined by the CIS.

From the CIS website:

“The Level 2 profile is considered to be “defense in depth” and is intended for environments where security is paramount. The recommendations associated with the Level 2 profile can have an adverse effect on your organization if not implemented appropriately or without due care.”

CIS_Docker_Benchmark

This repository gathers best-practice secure configuration guidelines for the Docker application. The benchmark is also published by the CIS.

CIS_Microsoft_Intune_Benchmark

This repository gathers best-practice secure configuration guidelines for the Microsoft Intune application for Windows 10 and 11. The benchmark is also published by the CIS.

ICS_Best_Practices

This repository groups a set of best-practice rules generally applied to industrial systems (ICS = Industrial Control Systems).

These rules are mostly adapted from the CIS Benchmark, with some of them requiring a specific adaptation to the context of industrial systems security.

Security_Best_Practices

Repository of rules acting as a best practices guide that can be reasonably applied on the majority of information systems.

The main goal is to provide a starting guide for establishing a first overview of the IT infrastructure, using rules that are both technically comprehensive and provide relevant configuration from a security standpoint.

Cyberwatch recommends using this repository as a starting point and an introduction to more in-depth use of the compliance module.