September 26, 2017
Featured / Security

IT Security Services for CIS Compliance

Written by Jeff Gaines

Security and compliance go hand-in-hand. Even if you are not one of the many businesses that is forced to comply with a federal or industry compliance framework, that doesn’t mean you shouldn’t still do so.


Security is of primary importance to anybody involved in the management of end-user devices. Every company in every industry needs to ensure that their devices are secure, but for some, compliance to security standards is legally mandated.

Industries that retain sensitive or confidential information, such as healthcare, finance, government, retail, and eCommerce have to conform to standards that include HIPAA, FISMA, PCI, SOC 2, ISO 27001, and CIS, among others. These regulatory requirements must be met within these industries, and the IT department must ensure it is done correctly.

CIS to the Rescue

With mounting urgency to stay on top of these regulations amid the explosion of Macs and other Apple devices penetrating the workforce—not to mention the increasing sophistication of today’s cyber-threats—IT professionals everywhere are scrambling to find a tailored solution.

Fortunately, the Center for Internet Security (CIS) has developed points of reference (benchmarks) that can be leveraged to ensure security compliance for MacOS and iOS devices.

The CIS was established to provide the IT community with best practices in order to help protect the organizations they serve from malicious online attacks. The CIS is a not-for-profit, independent body comprised of an international community of cyber security professionals who are dedicated to safeguarding systems, networks, and software against the kinds of insidious threats we are seeing today.

Their benchmarks are essentially configuration blueprints for scores of platforms and technologies—and best of all, they’re free.

These configurations provide comprehensive examples of exactly how to keep iOS and MacOS devices secure.

Some of the steps the CIS suggest include:

    • Turning on FileVault (an encryption tool that is built into every Apple device)
    • Enforcing Gatekeeper (an anti-malware tool)
    • Disabling print sharing
    • Enabling Firewall Stealth Mode

Each of these benchmarks can be enabled or disabled according to regulatory needs.

Related: See how we helped Okta implement Jamf Pro, prepare for zero-touch, and meet CIS compliance.

Using Jamf Pro for Enforcement & Remediation

Automating the process is also possible using an MDM (mobile device management) solution, such as Jamf Pro. Using the Jamf Pro platform as a launching pad, IT admins can define security policies and deploy them across the environment to enforce rules and report on their controls without actually touching the end user’s device.

Through the MDM, controls can be built into your systems and deployed centrally to your iOS and Mac devices.These could include:

    • Password enforcement
    • Restricting access to specific URLs, personal cloud services, or features like the built-in camera
    • Blocking malicious applications
  • Encryption reporting

Taking it one step further, IT admins can leverage scripts to make the application of CIS best practices easy to deploy across your entire inventory of devices, or to a subset. Once the scripts are implemented, IT applies the appropriate security controls and can schedule compliance checks and remediation to run automatically.

To learn more about CIS benchmarks and how to apply them in your environment, call Interlaced today.

Jeff Gaines

Jeff Gaines

Jeff has served as an operating executive at Interlaced since 2016. He is deeply passionate about driving impact for Interlaced, for his community, and for his loved ones. In his spare time, Jeff loves spending time with his wife and son at the world famous San Diego Zoo, enjoying tacos on the beach in Baja, cheering on the San Diego Padres, adventuring outdoors and playing music with friends. Jeff’s top 3 films of all time are Point Break (the original), Road House and Field of Dreams.