Elevate Your Cybersecurity Game With the CIS Benchmark for YugabyteDB

Center for Internet Security Releases a Benchmark for YugabyteDB Data Security Standards

Davis Dinh and Sergey Stelmakh

Stop your scroll! Yugabyte and the Center for Internet Security (CIS) have set a new (gold) standard in data security and performance. We’re excited to announce a CIS benchmark created for the YugabyteDB database. Read on for the essential details (i.e. why you should care) and insights into how this can impact your business (i.e. the benefits).

What is the CIS Benchmark?


The Center for Internet Security (CIS) is a community of global cybersecurity experts. CIS benchmarks provide globally recognized and consensus-driven best practices, guiding security practitioners in effectively configuring, implementing, and managing their cybersecurity defenses. While primarily focused on Linux-based platforms, these best practices apply to other platforms based on PostgreSQL and Apache Cassandra (NOTE: YugabyteDB is compatible with both).

Why are CIS Benchmarks Important?

The CIS benchmarks give companies of all sizes a rigorous, detailed plan for following security best practices. This allows them to better protect business-critical data, avoid cybersecurity gaps, and meet regulatory requirements. Implementing CIS Benchmarks enhances the security of legacy systems against prevalent and emerging risks through measures like disabling unused ports, revoking unneeded app permissions, or restricting administrative privileges.

But a boosted security “net” is not the only benefit. IT systems and applications also perform better when unnecessary services are disabled.

CIS Benchmark Benefits

  • Expert cybersecurity guidelines. CIS Benchmarks offer organizations a set of security configuration frameworks that are developed and validated by experts. Companies benefit from the collected expertise of a broad IT and cybersecurity community, sidestepping the trial-and-error scenarios that put security at risk.
  • Globally recognized security standards. CIS Benchmarks are the only global best practice guides recognized and accepted across governments, businesses, and research/academic circles. Their development through consensus-building among a diverse, worldwide community ensures broader relevance and acceptance than regional security standards.
  • Cost-effective threat prevention. CIS Benchmark documentation is available for free, providing comprehensive, up-to-date instructions for a wide variety of IT systems at no cost. This means that companies can enforce IT governance and protect against the financial and reputational risks associated with cyber threats without incurring additional costs.
  • Regulatory Compliance. These benchmarks align with major security and data privacy frameworks, including:
    1. National Institute of Standards and Technology (NIST) Cybersecurity Framework
    2. Health Insurance Portability and Accountability Act (HIPAA)
    3. Payment Card Industry Data Security Standard (PCI DSS)
    4. ISO 27001


Implementing CIS Benchmarks dramatically helps companies achieve compliance, especially those operating in heavily regulated industries such as finance and healthcare. Adopting CIS Benchmarks can help prevent compliance failures due to misconfigured IT systems.

CIS Benchmark for YugabyteDB

The Center for Internet Security (CIS) has published a benchmark for the YugabyteDB database, which covers release 2.20.x of our self-managed deployment model (YugabyteDB Anywhere). YugabyteDB is the first distributed SQL database to complete the benchmark and joins a select group of databases including Db2, Cassandra, MariaDB, MongoDB, Oracle, SQL Server, and PostgreSQL.

The YugabyteDB benchmark was a collaborative effort between Yugabyte and CIS to:

  • Thoroughly analyze the YugabyteDB database architecture, components, and potential security risks.
  • Define a set of secure configuration settings using existing security benchmarks, standards, and guidelines.
  • Develop testing procedures to validate the effectiveness of the benchmark recommendations.
  • Gather feedback through public comment periods or discussions to ensure that the benchmark reflects a consensus of industry best practices.

This benchmark is tailored for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel involved in developing, deploying, assessing, or securing solutions using YugabyteDB. Its purpose is to strengthen the security defenses of the Yugabyte database and act as a secure baseline to achieve compliance with various industry regulations and frameworks.

It was subjected to continuous consensus reviews by YugabyteDB experts and security professionals from various fields like consulting, software development, audit/compliance, security research, legal, operations, and government. It offers a diverse range of perspectives on cybersecurity.

Two Levels of Security Settings Available

The CIS benchmarks provide two levels of security settings:

  1. Level 1. These are essential, basic security requirements recommended for any system. They are designed to provide robust security without causing service interruptions or reducing functionality.
  2. Level 2. These recommended settings are designed for environments needing a higher level of security. They may slightly reduce functionality.

You can review both levels of security recommendations in the CIS YugabyteDB Benchmark.

What the CIS Benchmark for YugabyteDB Provides

The CIS Benchmark for YugabyteDB offers a comprehensive roadmap to robust security and compliance. Here’s what it brings to your organization:

  1. Comprehensive Security Guidelines: The CIS YugabyteDB benchmark provides a comprehensive set of security guidelines specifically for the Yugabyte database. From encryption protocols to access controls, every aspect of your database’s security has been examined and strengthened to meet the highest standards of your industry.
  2. Regulatory Compliance Confidence: Staying compliant with all the different data protection regulations is no longer a challenge. The CIS YugabyteDB benchmark aligns your database with the latest industry standards (such as the NIST SP-800 series), providing peace of mind in a landscape where regulatory compliance is non-negotiable.
  3. Continuous Improvement: To adapt to the constantly evolving threat landscape, the benchmark will undergo regular reviews and updates by CIS and Yugabyte. This ensures YugabyteDB is consistently safeguarded against the latest security challenges.
  4. Global Impact: The release of this CIS benchmark signifies a major step for global data security. It underscores Yugabyte’s dedication to providing a secure and high-performance distributed PostgreSQL database solution, catering to the critical data needs of businesses and enterprises worldwide.

The CIS Benchmark for YugabyteDB Data Security Standards is available to download for free (in PDF format).
