Main tasks

• Use the latest CIS benchmark PDF from https://downloads.cisecurity.org/#/
• Verify IDs numbers.
• Verify texts are correct: Title, Description, Rationale and Remediation.
• Verify Compliance: CIS, CIS_CSC.
• Verify condition and rules:
  • To Pass.
  • To Fail.
• Solve Related issues:
• CIS Benchmark Tests and how they treat missing registry keys are different between OS versions #16479

Checks

Syntax and semantic

• a) ID of each policy must be contiguous.
• b) The order and format set in Documentation must be respected.
• c) YML must be valid to avoid errors.

Content

• a) Compare each check with its analog from CIS Benchmark.
• b) Try maintaining each rule as similar as possible with the Audit section from the CIS check.
• c) Check that the commands provide the expected output.
• d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

• a) Output from agent.log after the SCA scan and a raw output of the result of the checks.

2023/11/09 17:16:09 sca: INFO: Evaluation finished for policy 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win10_enterprise.yml'
2023/11/09 17:16:09 sca: INFO: Security Configuration Assessment scan finished. Duration: 81 seconds.

Deployment

• a) If the policy it's new, it must be added to the sca.files templates.
• b) If the OS has many supported SCA policies, a policy must be set as the default policy. (as example)

Documentation

• a) Ensure documentation SCA list includes the created or updated SCA.