FreeBSD Mail Archives

Date:      Mon, 29 Jul 2024 14:20:51 -0400
From:      Greg Wallace <greg@freebsdfoundation.org>
To:        "freebsd-enterprisewg@FreeBSD.org" <freebsd-enterprisewg@freebsd.org>
Subject:   CIS Benchmark is open for Consensus Review
Message-ID:  <CAP=s-_gVZzxePoJofy0ei1ZP-8ZVfkEwjS5hvziQm8wO=LkrcQ@mail.gmail.com>

next in thread | raw e-mail | index | archive | help

--00000000000075d63c061e66ec03
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Enterprise WG,

The FreeBSD Foundation is pleased to announce the release of the draft CIS
FreeBSD 14 Benchmark for community consensus review.


The draft document can be found here:
https://workbench.cisecurity.org/benchmarks/15908/files



The consensus review period is scheduled to close on Monday August 12, 2024=
.



We would like to thank the FreeBSD Community for all of the work that went
into this draft document. Special thanks to Benchmark writer Moin Rahman,
reviewers Carole Fennelly and Jason Kafer, Program Manager Joe Mingrone,
Justin Brown and Eric Pinnell at CIS, to Verisign
<https://www.verisign.com/>; for underwriting some of the cost of creating
the CIS FreeBSD 14 Benchmark and to all the generous donors
<https://freebsdfoundation.org/our-donors/donors/>; to the FreeBSD
Foundation for underwriting the remaining cost. THANK YOU!
FAQ

What is the Center for Internet Security (CIS) and CIS Benchmarks?


CIS=C2=AE <https://www.cisecurity.org/>; is a community-driven nonprofit
responsible for the CIS Controls=C2=AE and CIS Benchmarks=E2=84=A2, globall=
y recognized
best practices for securing IT systems and data.


The CIS Benchmarks are prescriptive configuration recommendations for more
than 25+ product families. They represent the consensus-based effort of
cybersecurity experts globally to help protect systems against threats more
confidently.


How does CIS consensus work?



CIS Benchmarks are created using a consensus review process comprised of a
global community of subject matter experts. The process combines real world
experience with data-based information to create technology-specific
guidance to assist users to secure their environments. Consensus
participants provide perspective from a diverse set of backgrounds
including consulting, software development, audit and compliance, security
research, operations, government, and legal.



What happens after the review?


Once the consensus review is complete and any change requests have been
addressed, the CIS FreeBSD 14 Benchmark will be published on the CIS site
in the OPERATING SYSTEMS category at this link:
https://www.cisecurity.org/cis-benchmarks:



All CIS Benchmarks are free to download as PDFs.


Initially, the CIS FreeBSD 14 Benchmark will only be available as a PDF.
The FreeBSD Foundation is working with CIS to scope the work needed to
enable FreeBSD in CIS Controls and other automated tooling.

Best,

--=20
Greg Wallace
Director of Partnerships & Research
M +1 919-247-3165
Schedule a meeting <https://calendly.com/greg-freebsdfound/30min>;
Get your FreeBSD Gear <https://freebsd-foundation.myshopify.com/>;

--00000000000075d63c061e66ec03
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><font face=3D"arial, sans-serif">Hi Enterprise WG,</font><=
div><font face=3D"arial, sans-serif"><br></font></div><div><span id=3D"gmai=
l-docs-internal-guid-e4492b24-7fff-6f54-193b-d0fb78b78c8d"><font face=3D"ar=
ial, sans-serif"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"color:rgb(0,0,0);background-color:transpare=
nt;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-=
alternates:normal;vertical-align:baseline">The FreeBSD Foundation is please=
d to announce the release of the draft CIS FreeBSD 14 Benchmark for </span>=
<span style=3D"color:rgb(0,0,0);background-color:transparent;font-weight:70=
0;font-style:italic;font-variant-numeric:normal;font-variant-east-asian:nor=
mal;font-variant-alternates:normal;vertical-align:baseline">community conse=
nsus review</span><span style=3D"color:rgb(0,0,0);background-color:transpar=
ent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant=
-alternates:normal;vertical-align:baseline">.=C2=A0</span></p><p dir=3D"ltr=
" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p di=
r=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span=
 style=3D"color:rgb(0,0,0);background-color:transparent;font-variant-numeri=
c:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vert=
ical-align:baseline">The draft document can be found here: </span><a href=
=3D"https://workbench.cisecurity.org/benchmarks/15908/files" style=3D"text-=
decoration-line:none"><span style=3D"background-color:transparent;font-vari=
ant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:n=
ormal;text-decoration-line:underline;vertical-align:baseline">https://workb=
ench.cisecurity.org/benchmarks/15908/files</span></a><span style=3D"color:r=
gb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-var=
iant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseli=
ne">=C2=A0</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0p=
t;margin-bottom:0pt"><span style=3D"color:rgb(0,0,0);background-color:trans=
parent;font-variant-numeric:normal;font-variant-east-asian:normal;font-vari=
ant-alternates:normal;vertical-align:baseline">=C2=A0</span></p><p dir=3D"l=
tr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"color:rgb(0,0,0);background-color:transparent;font-weight:700;font-vari=
ant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:n=
ormal;vertical-align:baseline">The consensus review period is scheduled to =
close on Monday August 12, 2024.</span></p><p dir=3D"ltr" style=3D"line-hei=
ght:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"color:rgb(0,0,0);=
background-color:transparent;font-variant-numeric:normal;font-variant-east-=
asian:normal;font-variant-alternates:normal;vertical-align:baseline">=C2=A0=
</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-b=
ottom:0pt"><span style=3D"color:rgb(0,0,0);background-color:transparent;fon=
t-variant-numeric:normal;font-variant-east-asian:normal;font-variant-altern=
ates:normal;vertical-align:baseline">We would like to thank the FreeBSD Com=
munity for all of the work that went into this draft document. Special than=
ks to Benchmark writer Moin Rahman, reviewers Carole Fennelly and Jason Kaf=
er, Program Manager Joe Mingrone, Justin Brown and Eric Pinnell at CIS, to =
</span><a href=3D"https://www.verisign.com/" style=3D"text-decoration-line:=
none"><span style=3D"background-color:transparent;font-variant-numeric:norm=
al;font-variant-east-asian:normal;font-variant-alternates:normal;text-decor=
ation-line:underline;vertical-align:baseline">Verisign</span></a><span styl=
e=3D"color:rgb(0,0,0);background-color:transparent;font-variant-numeric:nor=
mal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-=
align:baseline"> for underwriting some of the cost of creating the CIS Free=
BSD 14 Benchmark and to all the </span><a href=3D"https://freebsdfoundation=
.org/our-donors/donors/" style=3D"text-decoration-line:none"><span style=3D=
"background-color:transparent;font-variant-numeric:normal;font-variant-east=
-asian:normal;font-variant-alternates:normal;text-decoration-line:underline=
;vertical-align:baseline">generous donors</span></a><span style=3D"color:rg=
b(0,0,0);background-color:transparent;font-variant-numeric:normal;font-vari=
ant-east-asian:normal;font-variant-alternates:normal;vertical-align:baselin=
e"> to the FreeBSD Foundation for underwriting the remaining cost. THANK YO=
U!</span></p><h1 dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margi=
n-bottom:0pt;padding:20pt 0pt 6pt"><span style=3D"color:rgb(0,0,0);backgrou=
nd-color:transparent;font-weight:400;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline=
">FAQ</span></h1><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"background-color:transparent;font-weight:70=
0">What is the Center for Internet Security (CIS) and CIS Benchmarks?</span=
><br></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bot=
tom:0pt"><br></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><a href=3D"https://www.cisecurity.org/" style=3D"text-deco=
ration-line:none"><span style=3D"background-color:transparent;font-variant-=
numeric:normal;font-variant-east-asian:normal;font-variant-alternates:norma=
l;text-decoration-line:underline;vertical-align:baseline">CIS</span><span s=
tyle=3D"background-color:transparent;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;font-variant-alternates:normal;text-decoration-line:un=
derline;vertical-align:baseline"><span style=3D"vertical-align:super">=C2=
=AE</span></span></a><span style=3D"background-color:transparent;font-varia=
nt-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:no=
rmal;vertical-align:baseline">  is a community-driven nonprofit responsible=
 for the CIS Controls</span><span style=3D"background-color:transparent;fon=
t-variant-numeric:normal;font-variant-east-asian:normal;font-variant-altern=
ates:normal;vertical-align:baseline"><span style=3D"vertical-align:super">=
=C2=AE</span></span><span style=3D"background-color:transparent;font-varian=
t-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:nor=
mal;vertical-align:baseline"> and CIS Benchmarks=E2=84=A2, globally recogni=
zed best practices for securing IT systems and data.=C2=A0</span></p><p dir=
=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></=
p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt=
"><span style=3D"background-color:transparent;font-variant-numeric:normal;f=
ont-variant-east-asian:normal;font-variant-alternates:normal;vertical-align=
:baseline">The CIS Benchmarks are prescriptive configuration recommendation=
s for more than 25+ product families. They represent the consensus-based ef=
fort of cybersecurity experts globally to help protect systems against thre=
ats more confidently.</span></p><p dir=3D"ltr" style=3D"line-height:1.38;ma=
rgin-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" style=3D"line-height=
:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"color:rgb(0,0,0);bac=
kground-color:transparent;font-weight:700;font-variant-numeric:normal;font-=
variant-east-asian:normal;font-variant-alternates:normal;vertical-align:bas=
eline">How does CIS consensus work?</span></p><p dir=3D"ltr" style=3D"line-=
height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"color:rgb(0,0,=
0);background-color:transparent;font-variant-numeric:normal;font-variant-ea=
st-asian:normal;font-variant-alternates:normal;vertical-align:baseline">=C2=
=A0</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margi=
n-bottom:0pt"><span style=3D"color:rgb(0,0,0);background-color:transparent;=
font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alt=
ernates:normal;vertical-align:baseline">CIS Benchmarks are created using a =
consensus review process comprised of a global community of subject matter =
experts. The process combines real world experience with data-based informa=
tion to create technology-specific guidance to assist users to secure their=
 environments. Consensus participants provide perspective from a diverse se=
t of backgrounds including consulting, software development, audit and comp=
liance, security research, operations, government, and legal.</span></p><p =
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><sp=
an style=3D"color:rgb(0,0,0);background-color:transparent;font-variant-nume=
ric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;ve=
rtical-align:baseline">=C2=A0</span></p><p dir=3D"ltr" style=3D"line-height=
:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"color:rgb(0,0,0);bac=
kground-color:transparent;font-weight:700;font-variant-numeric:normal;font-=
variant-east-asian:normal;font-variant-alternates:normal;vertical-align:bas=
eline">What happens after the review?</span></p><p dir=3D"ltr" style=3D"lin=
e-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"colo=
r:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-=
variant-east-asian:normal;font-variant-alternates:normal;vertical-align:bas=
eline">Once the consensus review is complete and any change requests have b=
een addressed, the CIS FreeBSD 14 Benchmark will be published on the CIS si=
te in the </span><span style=3D"color:rgb(152,0,0);background-color:transpa=
rent;font-variant-numeric:normal;font-variant-east-asian:normal;font-varian=
t-alternates:normal;vertical-align:baseline">OPERATING SYSTEMS</span><span =
style=3D"color:rgb(0,0,0);background-color:transparent;font-variant-numeric=
:normal;font-variant-east-asian:normal;font-variant-alternates:normal;verti=
cal-align:baseline"> category at this link: </span><a href=3D"https://www.c=
isecurity.org/cis-benchmarks" style=3D"text-decoration-line:none"><span sty=
le=3D"background-color:transparent;font-variant-numeric:normal;font-variant=
-east-asian:normal;font-variant-alternates:normal;text-decoration-line:unde=
rline;vertical-align:baseline">https://www.cisecurity.org/cis-benchmarks</s=
pan></a><span style=3D"color:rgb(0,0,0);background-color:transparent;font-v=
ariant-numeric:normal;font-variant-east-asian:normal;font-variant-alternate=
s:normal;vertical-align:baseline">:</span></p><p dir=3D"ltr" style=3D"line-=
height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" style=
=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"color=
:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-v=
ariant-east-asian:normal;font-variant-alternates:normal;vertical-align:base=
line"><span style=3D"border:1pt solid rgb(102,102,102);display:inline-block=
;overflow:hidden;width:624px;height:221px"><img src=3D"https://lh7-rt.googl=
eusercontent.com/docsz/AD_4nXdZpHUv-QlUylxMdmVo3qzZkfJka3uRny7N7-KHsg5mI-H3=
nEeBkDXHQtO0yRTbKkyOkzt2k-FrIbDJSfkSVUdBD9rdO5BtUGSuL863llwVEVzx8Dau3pP2_Nw=
iX9N1hOcp-qmwwW4xG47XSa4OuHMT9km1?key=3DU3ZKp7halfinQ77RmFOlRQ" width=3D"62=
4" height=3D"221" style=3D"margin-left: 0px; margin-top: 0px;"></span></spa=
n></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom=
:0pt"><br></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margi=
n-bottom:0pt"><span style=3D"color:rgb(0,0,0);background-color:transparent;=
font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alt=
ernates:normal;vertical-align:baseline">All CIS Benchmarks are free to down=
load as PDFs.=C2=A0</span></p><p dir=3D"ltr" style=3D"line-height:1.38;marg=
in-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"color:rgb(0,0,0);backg=
round-color:transparent;font-variant-numeric:normal;font-variant-east-asian=
:normal;font-variant-alternates:normal;vertical-align:baseline">Initially, =
the CIS FreeBSD 14 Benchmark will only be available as a PDF. The FreeBSD F=
oundation is working with CIS to scope the work needed to enable FreeBSD in=
 CIS Controls and other automated tooling. </span></p></font></span><br cla=
ss=3D"gmail-Apple-interchange-newline"><div>Best,</div><div><br></div><span=
 class=3D"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"g=
mail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><font f=
ace=3D"tahoma, sans-serif">Greg Wallace</font><div><font face=3D"tahoma, sa=
ns-serif">Director of Partnerships &amp; Research</font></div><div><div><fo=
nt face=3D"tahoma, sans-serif"><img width=3D"96" height=3D"51" src=3D"https=
://ci3.googleusercontent.com/mail-sig/AIorK4wjP1JywV51T1uncasRi5dh2tUFJeZix=
_vPxSVpOhkm2zu1JmXD4jfm2U5IKBxTuPyUCfKI10o"></font></div></div><div><font f=
ace=3D"tahoma, sans-serif">M +1 919-247-3165<br></font></div><div><a href=
=3D"https://calendly.com/greg-freebsdfound/30min" target=3D"_blank"><font f=
ace=3D"tahoma, sans-serif">Schedule a meeting</font></a></div><div><a href=
=3D"https://freebsd-foundation.myshopify.com/" target=3D"_blank">Get your F=
reeBSD Gear</a></div></div></div></div></div>

--00000000000075d63c061e66ec03--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAP=s-_gVZzxePoJofy0ei1ZP-8ZVfkEwjS5hvziQm8wO=LkrcQ>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation