Lesson 5: CIS Benchmarks Flashcards
(19 cards)
What are CIS Benchmarks?
Consensus-based, globally accepted, and free-to-obtain security guidelines for all major operating systems and networks.
CIS Benchmarks are made up of security recommendations called?
Profiles
What are the two types of profiles in the macOS CIS Benchmark?
Level 1 and Level 2 profiles.
What is a Level 1 profile in the macOS Benchmark?
A practical security recommendation with little to no impact on the user’s experience.
What is a Level 2 profile in the macOS Benchmark?
A more restrictive security recommendation that may impact the user experience on a Mac.
What are CIS Benchmarks and what are they used for?
CIS Benchmarks are a set of consensus-based security best practices developed by the Center for Internet Security (CIS). They are used to secure operating systems, software, and networks.
What is required before downloading CIS Benchmarks?
Account registration on the CIS website.
What information does each CIS profile contain?
Affected macOS area, rationale and impact statements, audit steps, and remediation steps.
What is a rationale statement in a CIS Benchmark?
A justification for implementing the profile.
What is an impact statement in a CIS Benchmark?
Details the potential consequences of not implementing the profile.
What are audit steps in a CIS Benchmark?
Instructions for how administrators can check the status of the relevant macOS feature.
What are remediation steps in a CIS Benchmark?
Instructions for how to change the setting in macOS to ensure compliance.
How does Jamf Protect use the macOS Benchmark?
It uses the benchmark to generate insights about enrolled computers.
What are insights in Jamf Protect?
Status updates collected and reported on for enrolled computers.
What do insights display in Jamf Protect?
The number of compliant and noncompliant enrolled computers in real time.
True/False: Insights both report and enforce security recommendations.
False. Insights only report compliance; enforcement requires a solution like Jamf Pro.
To enforce or restrict settings in macOS, what must be used alongside Jamf Protect?
A management solution like Jamf Pro.
What is the difference between a Level 1 and Level 2 profile within the macOS Benchmark?
Level 1 has little to no user impact; Level 2 is more secure but may impact user experience.
Within the macOS Benchmark, what is an impact statement?
It details the consequences of not implementing the associated recommendation for managed Macs.
