SiteQ8/CIS-Benchmark-Compliance-Checker

CIS Benchmark Compliance Checker

Automated CIS Benchmark compliance auditing and remediation tool for Ubuntu, RHEL, Amazon Linux, Windows Server, and macOS

🎯 Overview

CIS Benchmark Compliance Checker is a security automation tool that helps organizations maintain compliance with Center for Internet Security (CIS) benchmarks across multiple operating systems.

Key Features

✅ Multi-Platform Support: Ubuntu, RHEL, Amazon Linux, Windows Server, macOS
✅ Automated Auditing: Run hundreds of CIS benchmark checks in minutes
✅ Smart Remediation: Fix non-compliant configurations with rollback support
✅ Rich Reporting: Generate HTML, JSON, and CSV reports with interactive dashboards
✅ Customizable Profiles: Adapt checks to your organizational requirements
✅ CI/CD Integration: Easily integrate into automated pipelines

🚀 Quick Start

Installation

# Clone the repository
git clone https://github.com/SiteQ8/CIS-Benchmark-Compliance-Checker.git
cd CIS-Benchmark-Compliance-Checker

# Install dependencies
pip install -r requirements.txt

# Run setup
python setup.py install

Basic Usage

# Run a compliance audit
python -m cis_checker audit --os ubuntu --level 1

# Generate HTML report
python -m cis_checker report --format html --output ./reports

# Apply remediation (with backup)
python -m cis_checker remediate --profile ubuntu_22_04 --backup

# Dry run to see what would change
python -m cis_checker remediate --dry-run

📊 Supported Platforms

| Operating System | Versions | CIS Benchmark Version |
|------------------|----------|-----------------------|
| Ubuntu Linux | 20.04, 22.04, 24.04 | v1.0.0 - v2.0.0 |
| RHEL | 8, 9 | v2.0.0 - v3.0.0 |
| Amazon Linux | 2, 2023 | v3.0.0 |
| Windows Server | 2019, 2022 | v2.0.0 - v3.0.0 |
| macOS | 13, 14 | v4.0.0 - v5.0.0 |

πŸ” Security Categories Checked

  1. Initial Setup: Filesystem, boot settings, mandatory access control
  2. Services: System services, special purpose services, service clients
  3. Network Configuration: Firewall, network parameters, protocol security
  4. Logging & Auditing: System accounting, log configuration, audit rules
  5. Access Control: PAM, SSH, user accounts, authentication
  6. System Maintenance: File permissions, system file integrity
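
To show what an Access Control (category 5) check involves, here is an added example that is not code from this project: it audits the global section of an `sshd_config` against SSH values commonly recommended by CIS benchmarks. The rule table, function names and sample file are constructed for illustration; `Include` directives are not followed.

```python
import re

# Added illustration, not part of CIS-Benchmark-Compliance-Checker.
# Hypothetical rule table: keyword -> (upstream OpenSSH default, expected, predicate).
RULES = {
    "permitrootlogin": ("prohibit-password", "no", lambda v: v == "no"),
    "permitemptypasswords": ("no", "no", lambda v: v == "no"),
    "maxauthtries": ("6", "<= 4", lambda v: v.isdigit() and int(v) <= 4),
    "x11forwarding": ("no", "no", lambda v: v == "no"),
}

# Constructed sample input: duplicate keyword, '=' separator, and a Match block.
SAMPLE = """\
# constructed sshd_config
PermitRootLogin yes
permitrootlogin no
MaxAuthTries=3
Match User backup
    X11Forwarding yes
"""


def effective_settings(config_text):
    """Global settings as sshd resolves them: the FIRST value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        # Keywords are case-insensitive; comments and blank lines do not match.
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(\S.*)", raw)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            break  # everything after the first Match is conditional, not global
        seen.setdefault(keyword, value)  # later duplicates are ignored
    return seen


def audit(config_text):
    """Return one finding per rule, falling back to the default when unset."""
    seen = effective_settings(config_text)
    return [
        {"keyword": k, "expected": expected, "actual": seen.get(k, default),
         "source": "file" if k in seen else "default",
         "passed": ok(seen.get(k, default))}
        for k, (default, expected, ok) in RULES.items()
    ]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("PASS" if f["passed"] else "FAIL", f)
```

On the sample, `PermitRootLogin` fails because the first occurrence (`yes`) is the effective one, while `X11Forwarding yes` inside the `Match` block does not change the global value.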

📖 Documentation

Documentation is available at: https://siteq8.github.io/CIS-Benchmark-Compliance-Checker

🤝 Contributing

Contributions are welcome! Please read our Contributing Guide for details.

🔒 Security

Please report security vulnerabilities to [email protected]. See SECURITY.md for details.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

📞 Contact


Disclaimer: This tool is provided as-is for security assessment purposes. Always test in a non-production environment first.