Sophos Cloud Optix has now been certified by CIS (Center for Internet Security) to accurately assess AWS, Azure and GCP environments based on best practices for secure configuration.
Developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts around the world, CIS Benchmarks are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for Federal Information Security Management Act, PCI, Health Insurance Portability Accountability Act and other security requirements.
By certifying Cloud Optix with CIS, Sophos has demonstrated commitment to actively solve the foundational problem of ensuring secure configurations are used throughout AWS, Azure and GCP environments.
Not all certifications are equal
CIS Benchmark Certification is awarded on two profile levels. The intent of the Level 1 profile is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality. The Level 2 profile is considered "defense in depth" and is intended for environments where security is paramount.
Organizations should investigate whether a vendor offers the level of certification required for their industry, or compliance standard. Sophos has provided evidence that Cloud Optix can accurately report security recommendations in both level 1 and level 2 CIS Benchmark profiles.