CIS Benchmark Scans
SUMMARY To set up a Center for Internet Security (CIS) benchmark scan, you must complete a range of configuration tasks on the Admin, Assets, Vulnerabilities, and Risks tabs in JSA.
To set up CIS benchmark scan, the following prerequisites are needed:
-
Valid JSA Vulnerability Manager and JSA Risk Manager licenses.
-
You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your local sales representative or Juniper Customer Support.
-
If you patched from an earlier release of JSA, you must do an automatic update before you do a CIS benchmark scan.
- Adding assets.
- Configuring a credential set. Tip:
It is easier to add centralized credentials on the JSA Admin tab, but you can also add credentials when you create a benchmark profile.
- Creating an asset saved search.
You use the asset saved searches when you configure the asset compliance questions.
- Modifying CIS benchmark checks in JSA Vulnerability Manager.
You can create a custom CIS benchmark checklist by using the Compliance Benchmark Editor.
- Configuring a CIS benchmark scan profile in JSA Vulnerability Manager.
- Creating an asset compliance question in JSA Risk Manager.
- Monitoring the asset compliance question that you created.
- Viewing the CIS benchmark scan results.