cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CIS Benchmarks

Hello all,

Can anyone advise whether FlexNet Manager Suite on-premise meets the CIS Benchmarks?

Ref: https://www.cisecurity.org/cis-benchmarks/ 

regards,

Peter

(1) Solution
ChrisG
By Community Manager Community Manager
Community Manager

If I understand the CIS Benchmarks right, this is a method for benchmarking a system, not a software product in isolation of an installed and operational system. I'm not aware of any organization that has assessed their FlexNet Manager Suite On-premises system against the CIS Benchmarks, but that doesn't mean it hasn't been done. I think Flexera may have done some assessment against CIS Benchmarks (or possibly others) in relation to the FlexNet Manager Suite Cloud system.

On a related note, security analyses of FlexNet Manager Suite On-premises are available and can be provided by Flexera on request to customers under an NDA.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

(2) Replies
ChrisG
By Community Manager Community Manager
Community Manager

If I understand the CIS Benchmarks right, this is a method for benchmarking a system, not a software product in isolation of an installed and operational system. I'm not aware of any organization that has assessed their FlexNet Manager Suite On-premises system against the CIS Benchmarks, but that doesn't mean it hasn't been done. I think Flexera may have done some assessment against CIS Benchmarks (or possibly others) in relation to the FlexNet Manager Suite Cloud system.

On a related note, security analyses of FlexNet Manager Suite On-premises are available and can be provided by Flexera on request to customers under an NDA.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Thanks Chris,

In this case, the customer uses a tool called GateKeeper to ensure that all applications that are deployed on to cloud workloads meet policies that are based on the CIS benchmarks.    I guess that an example of this would be to verify that the Flexera Kubernetes inventory agent component does not violate the OpenShift CIS Benchmark.   

Your answer at least confirms that the on-premise FNMS components have not been explicitly validated against any CIS benchmarks.

Peter