Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


CIS Benchmark Scans

SUMMARY To set up a Center for Internet Security (CIS) benchmark scan, you must complete a range of configuration tasks on the Admin, Assets, Vulnerabilities, and Risks tabs in JSA.

To set up CIS benchmark scan, the following prerequisites are needed:

  • Valid JSA Vulnerability Manager and JSA Risk Manager licenses.

  • You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your local sales representative or Juniper Customer Support.

  • If you patched from an earlier release of JSA, you must do an automatic update before you do a CIS benchmark scan.

The following eight steps are involved in setting up a CIS benchmark scan:
  1. Adding assets.
  2. Configuring a credential set.

    It is easier to add centralized credentials on the JSA Admin tab, but you can also add credentials when you create a benchmark profile.

  3. Creating an asset saved search.

    You use the asset saved searches when you configure the asset compliance questions.

  4. Modifying CIS benchmark checks in JSA Vulnerability Manager.

    You can create a custom CIS benchmark checklist by using the Compliance Benchmark Editor.

  5. Configuring a CIS benchmark scan profile in JSA Vulnerability Manager.
  6. Creating an asset compliance question in JSA Risk Manager.
  7. Monitoring the asset compliance question that you created.
  8. Viewing the CIS benchmark scan results.