Information Security Standards

The State of Colorado has adopted the consensus-based Center for Internet Security standards to raise the level of security and privacy in State of Colorado IT systems.  Configuring IT systems in compliance with these Benchmarks has been shown to eliminate 80-95% of known security vulnerabilities.  The Benchmarks are globally used and accepted as the de facto user-originated standard for IT security technical controls.

The CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

The Benchmarks are:

• Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices

• Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide

• Distributed by CIS in .PDF format (many benchmarks are also available to CIS Members in XCCDF, a machine-readable XML format for use with benchmark audit tools and Members' custom scripts)