Chef Blogs

Chef Achieves CIS Certification for Red Hat Enterprise Linux 7 and Microsoft Azure Foundations Benchmarks

Julian Dunn | community

Chef is pleased to announce that we have achieved official Center for Internet Security certification for Chef Automate and InSpec for Red Hat Enterprise Linux 7 (Server Levels 1 and 2) and Microsoft Azure Foundations Benchmarks, Level 1. This announcement follows on the heels of our being the first vendor to be awarded official certification for Google Cloud Platform Foundation, Levels 1 and 2, bringing us to a total of five officially CIS-certified InSpec profiles.

Why is CIS Certification Important?

The Center for Internet Security (CIS) produces best practice documentation for secure configuration and hardening of operating systems, clouds, server software, and more. These standards are known as the CIS Benchmarks. Some enterprises base their own security policies directly on CIS Benchmarks. However, a more sophisticated use case is to map CIS controls to individual compliance regimes such as PCI-DSS, HIPAA, SOC2, and so on. This is done in order to accelerate the process of becoming compliant with the governing regime. As such, CIS provides mapping tables and tools for security professionals to achieve this, as seen in the following illustration.

To assist security engineers in this exercise, Chef has produced a series of guides. These guides are not intended to be comprehensive but show how Chef Automate and InSpec can be utilized to take a compliance-as-code approach to this mapping exercise, rather than trying to translate the guidance from the CIS Benchmark PDF documents manually.

Finally, most customers want to customize the guidance provided by CIS. For example, you might need to exempt certain system configurations that trigger a CIS Benchmark rule but have been signed off by information security, or to reduce the criticality rating of certain rules. InSpec’s built-in inheritance features mean that you can depend on controls from the certified CIS Benchmark profiles that we provide as part of a Chef Automate subscription, and only customize what you need. This reduces code duplication, minimizes operational burden, and ensures you are always in compliance with the latest CIS Benchmark versions as you upgrade Chef Automate.

Next Steps

You can download the Chef Automate Guide to PCI Compliance and Chef Automate Guide to the FFIEC IT Examiner’s Handbook in our resources library.

To learn more about Chef Automate or start a free trial, visit https://community.chef.io/tools/chef-automate/