Wednesday, August 16, 2023

What is the difference between Level 1 and Level 2 CIS benchmarks?

The Level 1 profile is considered a base recommendation that can be implemented fairly promptly and is designed to not have an extensive performance impact. The intent of the Level 1 profile benchmark is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.

The Level 2 profile is considered to be “defense in depth” and is intended for environments where security is paramount. The recommendations associated with the Level 2 profile can have an adverse effect on your organization if they are implemented inappropriately or without due care.

Tenable Security Center: What do BL and NG mean?

BL stands for the BitLocker audit.

NG stands for the Microsoft Next Generation Windows Security audit.

For example:

CIS Level 1 (L1) + BitLocker (BL)

CIS Level 1 (L1) + BitLocker (BL) + Next Generation Windows Security (NG)