# Breaking Bad Habits with CIS Benchmarks

By [Chanchal Sutradhar](https://www.paloaltonetworks.com/blog/author/chanchal-sutradhar/?ts=markdown "Posts by Chanchal Sutradhar"), Jun 11, 2024

In today's cyberthreat climate, organizations must prioritize the security of their IT infrastructure.
The [Center for Internet Security (CIS) Benchmarks](https://www.cisecurity.org/cis-benchmarks) provide a set of comprehensive guidelines designed to safeguard systems against prevalent cyber risks. Adhering to these benchmarks, referred to as CIS compliance, is central to protecting cloud environments.

Prisma Cloud by Palo Alto Networks, a Code to Cloud™ platform, simplifies the adoption of cloud security best practices outlined by CIS compliance. In this blog post, we'll explore the intricacies of CIS benchmarks and how Prisma Cloud helps organizations to comply with them.

## Understanding CIS Benchmarks

CIS independently develops and promotes best practices to secure IT systems and data against cyberthreats. CIS compliance involves adhering to these best practices, all of which have been rigorously tested and together serve as a comprehensive guide to strengthen IT infrastructure security across various platforms, including cloud-based and web server environments. Regarded as industry standards, CIS benchmarks align with regulations from ISO, [NIST](https://www.paloaltonetworks.com/cyberpedia/nist?ts=markdown) and HIPAA.

## How CIS Benchmarks Work

CIS Foundations Benchmarks are comprehensive guides designed to secure public cloud platforms. Despite being tailored to different [cloud service providers (CSPs)](https://www.paloaltonetworks.com/cyberpedia/cloud-service-provider?ts=markdown), these benchmarks share a common structure and features. Each benchmark provides detailed, prescriptive guidance on essential security areas such as [identity and access management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown), logging and monitoring, and networking.

Each CIS Foundations Benchmark is organized systematically to ensure thorough and consistent security measures across various platforms.
Here is an in-depth look at the sections included in each recommendation:

![CIS Benchmarks Overview](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/Multicolor-Pastel-Modern-Corporate-Infographic-And-Chart-Presentation-3.png)

Figure 1: In-depth look at CIS Benchmarks

## The Significance of CIS Benchmarks

Compliance with CIS benchmarks is not only a proactive measure against cyberthreats but also an affirmation of an organization's commitment to cybersecurity. It boosts customer confidence and often intersects with compliance for other critical standards like [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), and [PCI DSS](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown).

![Significance of CIS Benchmarks](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/word-image-323242-2.png)

Figure 2: Significance of CIS Benchmarks

## CIS Benchmarks and the Role of Prisma Cloud

Prisma Cloud protects applications across multicloud environments. The platform continuously monitors code, pipelines, cloud infrastructure, workloads, data, web applications and APIs for risks, compliance violations and threats. It aligns with the latest versions of CIS benchmarks across various cloud platforms: Google Cloud Platform (v3.0.0), Microsoft Azure (v2.1.0), Amazon Web Services (v3.0.0), Oracle Cloud Infrastructure (v2.0.0), and Google Kubernetes Engine (v1.5.0).

Also, Prisma Cloud remains current with CIS Critical Security Controls (v8), which are integral to complying with a range of compliance standards, such as those set by NIST CSF, NIST SP 800-53 Rev.5, NIST SP 800-171 Rev.2, CMMC, CSA CCM, [SOC 2](https://www.paloaltonetworks.com/cyberpedia/soc-2?ts=markdown), HIPAA and PCI. These provisions protect organizations from known cyberthreats, as recommended by the Center for Internet Security.

## How Does Prisma Cloud Support CIS Benchmarks Compliance?

### Extensive Cloud Visibility

Prisma Cloud consolidates a comprehensive view of your cloud assets across platforms like Alibaba, Microsoft Azure, Amazon Web Services (AWS), Oracle Cloud Infrastructure (OCI), IBM and Google Cloud Platform (GCP), which is crucial for real-time compliance assessment and effective management.

### Automated Compliance Checks

Prisma Cloud automatically scans cloud configurations against the latest CIS benchmarks. This automation facilitates continuous oversight and adherence to security best practices without the need for manual intervention. By routinely comparing an organization's cloud environment against these industry-recognized benchmarks, Prisma Cloud identifies potential misconfigurations or noncompliant settings in real time.

### Guided Policy Enforcement and Remediation

Upon detecting noncompliance with a CIS benchmark, Prisma Cloud generates an alert that includes the nature of the issue, affected resources and relevant CIS controls. Accompanying the alert are contextual details outlining the failure, associated risks and potential impact. Users receive remediation instructions, which might involve configuration changes, permission updates or new security measures.

For efficiency, Prisma Cloud can automate remediation for certain issues or integrate with existing workflows. It supports policy-as-code for consistent policy enforcement, allows for policy customization to fit unique organizational needs and maintains continuous compliance monitoring to ensure ongoing adherence to CIS benchmarks and proactive issue detection.

![Detailed guidance for remediating a compliance violation](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/Snip20240610_51.png)

Figure 3: Detailed guidance for remediating a compliance violation

### Risk Evaluation and Prioritization

Within Prisma Cloud, sophisticated vulnerability assessment tools are employed to conduct risk evaluation and prioritization, effectively identifying and ranking security risks within the cloud environment. This prioritization ensures that the most critical vulnerabilities are addressed first. By discerning the level of risk (taking into account factors such as potential impact and exploitability), Prisma Cloud enables security teams to strategically plan remediation efforts and strengthen their security posture.

### Ongoing Updates for Compliance

Prisma Cloud continuously updates its compliance features to align with the latest CIS benchmarks, ensuring that as security standards evolve, so does the protection it offers. When the Center for Internet Security updates its benchmarks, Prisma Cloud automatically adapts its compliance checks, providing organizations with current and proactive assurance that their cloud environments remain secure and compliant.

### Detailed Reporting and Analytics

Prisma Cloud offers detailed reporting and analytics capabilities that deliver in-depth insights into an organization's cloud security and compliance posture. These comprehensive reports include data on the current status of compliance with standards like CIS benchmarks, analyses of risks prioritized by severity, and trends in the security landscape. This information simplifies internal and external audit processes by documenting all due diligence and compliance efforts. Additionally, the analytics aid in strategic security planning by enabling organizations to identify patterns and areas for improvement.

## Learn More

Prisma Cloud enables organizations to maintain not only compliance with CIS benchmarks but comprehensive security against a variety of cyberthreats. Its unification of multiple security tools into one Code to Cloud platform streamlines cloud security management.

To identify potential risks and compliance violations in your cloud, request a free [cloud security health check](https://www.paloaltonetworks.com/prisma/cloud/free-cloud-security-risk-assessment?ts=markdown). Alternatively, if you'd like to see how Prisma Cloud can address your CIS benchmark goals, consider [booking a personalized demo](https://www.paloaltonetworks.com/prisma/cloud/request-a-prisma-cloud-demo?ts=markdown).