+31 23 234 0036 info@allthingscloud.nl

CIS Benchmark

A standard Windows 11 installation scores just 24% on the CIS Benchmark. That means three out of four security settings aren’t activated. macOS tells a similar story. Every device that isn’t hardened is an open door for attackers.

We implement CIS Benchmarks through Microsoft Intune and bring your endpoints’ compliance score to 97% and above. On Windows, macOS, iOS, and Android. One platform, all devices, demonstrably secure.

What are CIS Benchmarks?

CIS Benchmarks are internationally recognized security standards developed by the Center for Internet Security. They contain hundreds of detailed configuration recommendations for securely setting up operating systems, applications, and cloud platforms. From password policies and disk encryption to network security and application control.

 The benchmarks are continuously updated by a global community of security experts and independently validated. They form the foundation for compliance with regulations such as NIS2, ISO 27001, and the Dutch Baseline Information Security Government (BIO). While Microsoft Security Baselines provide a solid starting point, CIS Benchmarks go further with stricter and more comprehensive configuration requirements.

Level 1: Security settings that every organization should implement. Minimal impact on user experience, maximum improvement to security posture. Suitable for most business environments.

Level 2: Extended hardening for environments where security is the highest priority. Stricter settings that may limit functionality but provide a significantly higher security level. Suitable for organizations handling sensitive data or facing strict compliance requirements.

Why CIS Benchmarks through Microsoft Intune?

Many organizations already manage their devices with Microsoft Intune. But without CIS hardening, every device runs with default settings that provide insufficient protection. CIS has published specific benchmarks for Microsoft Intune (version 4.0.0 for Windows 10 and 11, plus benchmarks for macOS Sonoma and Sequoia via Intune). This means you can leverage the full power of CIS without additional tooling. 

We implement these benchmarks as configuration profiles in Intune. The result: every managed device is automatically hardened according to international standards. No manual work per device, no loose scripts, but policy that is centrally deployed and continuously monitored.

Get Compliant

What we do

CIS Compliance Baseline Assessment

We scan your current environment and measure your devices’ compliance score against the relevant CIS Benchmarks. You receive a clear report with your current score, the most significant deviations, and a prioritized roadmap. Most organizations are surprised by the result: a standard installation scores between 15% and 24%.

CIS Benchmark Implementation

Based on the baseline assessment, we implement CIS Level 1 and/or Level 2 benchmarks in your Intune environment. For Windows through the official CIS Intune Benchmark configuration profiles. For macOS through a combination of Intune Settings Catalog, custom configuration profiles, and remediation scripts. After implementation, the compliance score rises to approximately 97%.

Cross-platform hardening

CIS Benchmarks don’t just exist for Windows. We also implement benchmarks for macOS (Sonoma, Sequoia), iOS, iPadOS, and Microsoft 365. This way your entire device fleet is hardened according to the same standards, regardless of platform. This cross-platform approach is rare in the Netherlands and prevents macOS devices from becoming a security blind spot.

Compliance monitoring and drift detection

After implementation, the work isn’t done. Configurations change, new devices are added, updates can reset settings. We offer continuous monitoring that detects configuration drift immediately and alerts you. So you always know whether your devices still meet the benchmark.

Reporting and audit readiness

We deliver compliance reports that are directly usable for audits, management reviews, and compliance files. Including executive summaries for leadership and detailed technical reports for IT teams. When CIS publishes new benchmark versions, we review the changes and advise on adjustments.

Relevant for you?

CIS Benchmark compliance is relevant for any organization serious about endpoint security. Particularly for:

Cybersecurity Act (NIS2)

Organizations subject to the Dutch Cybersecurity Act (NIS2) that must implement demonstrable technical measures

SMBs

SMBs (50-250 employees) without a dedicated security team but with compliance obligations

Municipalities and government organizations

Municipalities and government organizations that must comply with the Baseline Information Security Government (BIO)

Healthcare

Healthcare organizations subject to NEN 7510 and NIS2

Suppliers and vendors

Suppliers and vendors that must meet security requirements through supply chain responsibility

CIS Benchmarks and the Dutch Cybersecurity Act (NIS2)

The Dutch Cybersecurity Act (the national implementation of the European NIS2 Directive) requires organizations to take appropriate technical measures to secure their network and information systems. CIS Benchmarks are an internationally recognized framework that directly supports this obligation.

 

By implementing CIS Benchmarks on your endpoints through Intune, you make a significant part of your NIS2 compliance demonstrable. You can show through reports what security level your devices have, how this develops over time, and that you are actively working on hardening. That is exactly what the law requires: demonstrable, appropriate measures.

How we do it

What to expect

Curious how your organization scores on the CIS Benchmark?
We offer a no-obligation baseline assessment that gives you
immediate insight into the security posture of your endpoints.
Concrete, clear, and with no strings attached.

Step 1: Inventory and baseline assessment

We map your current device landscape and measure the CIS compliance score. You know exactly where you stand.

Step 2: Benchmark selection

Based on your risk profile and industry, we advise which CIS Level (1 or 2) fits best. For most organizations, Level 1 is the right starting point.

Step 3: Implementation via Intune

We roll out the CIS configuration profiles through Microsoft Intune. Windows, macOS, and mobile platforms. Carefully tested, phased rollout.

Step 4: Validation and reporting

After deployment, we measure again and deliver a compliance report. Including any exceptions and their rationale.

Step 5: Continuous monitoring (optional)

With a CIS Compliance Retainer, we continuously monitor your environment for configuration drift and new benchmark versions. Quarterly or monthly reports, proactive remediation.

Contact

Send an e-mail or make an appointment

Ready for CIS?

Schedule a conversation and we’ll look at where the biggest risks are.