CIS Benchmarks focus on operating systems and not specifically applications. Atlassian historically has taken a dim view on stating that their products meet these type of guidelines or compliances. I believe the major reason is that the tools are very extensible and can be configured to meet the requirements of whatever compliance you need them to. It's also possible to configure them in a manner that would not meet even basic security best practices.
Thanks for the information. Our security team requested this confirmation. CIS hardening is not required, it just means I need to fill in the details of each standard manually.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
![Dave Theodore [Coyote Creek Consulting]](https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/557058:a1f94001-e8c1-4ab0-95d3-01a204687231/254ecf19-a9ab-40df-9b8a-51a3251ea418/128 "Dave Theodore [Coyote Creek Consulting]"){kind=avatar}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.