this post was submitted on 26 Jun 2025
1 points (100.0% liked)

cybersecurity

14 readers
1 users here now

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

founded 2 years ago
MODERATORS
[email protected]
1
Easiest way to implement CIS hardening (zerobytes.monster)
submitted 4 days ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
The original post: /r/cybersecurity by /u/GiraffeProper3744 on 2025-06-25 12:24:26.

I'm curious as to what you guys think is the easiest way to implement CIS hardening on machines, mainly Windows machines. I've come across a few ways:

  • Intune
  • HardeningKitty
  • Manually building GPOs
  • CIS Build Kits
  • PowerShell scripts on GitHub, etc.

Every one of these has its pros and cons. Obviously the CIS build kits are paid, the PowerShell scripts are mostly outdated/cause issues, Intune only works if you manage devices via Intune (if I'm not mistaken).

The sweet spot is HardeningKitty I believe. The only issue is it doesn't really separate the fixes into L1 and L2 . This could be problematic. I'm curious if there are any other tools/scripts/ways you guys can suggest?

Paid or free, either works. Thanks

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here