System Specific Guidelines

Information Security recommends The Center for Internet Security (CIS) System Benchmarks to use when configuring systems to protect them from vulnerabilities and reduce the risk of compromising data. CIS provides a java application called the CIS Configuration Assessment Tool (CIS-CAT) that is used to run checks against your systems and produces a report indicated what areas you passed or failed, with instructions on how to configure the failed areas so they pass. There are typically two levels of security, level 1 being more open and level 2 being more restrictive. You should always shoot for level 2 compliance. 

 

To download the java tool and associated benchmarks you will need to enroll. UW System has purchased licenses for us to use, you just need to specify University of Wisconsin -  Milwaukee in the Company Name field on the enrollment form. The form can be found here: CIS Enrollment Form

 

Once enrolled you can login and navigate to the Downloads and Download the latest ciscat-full-bundle-MostRecentDate. Unzip it and run the bat or shell script depending on the system you are running it on. 

 

If you have any problems registering, installing, or running the tools please contact Infosec@uwm.edu. 

 

Here are a sample of the following systems the CIS-CAT tool can be run against:

  • OS X 10.5 - 10.9
  • Apache TomCat 5.5 and 6
  • IIS 8
  • MS SQL Server 2008 and 2012
  • MS Windows 7 & 8
  • MS Server 2003, 2008, 2012
  • Oracle 10g and 11g
  • Redhat 5, 6, and 7
  • Ubuntu 12.4
  • VMWare ESX 3.5, 4
  • VMware ESXi 5.5

 

Smart Phones