Has anyone already done the work to create the policies and reporting to against the CIS Benchmarks (Center for Internet Security), which they would be willing to export and share? I have committed to getting Policy Compliance running against our Windows and Red Hat Enterprise Linux servers, need to have the reports present in order, and identified, based on the CIS MSBs, and it appears to be a time consuming job. I'm willing to do the work, and share the result, but I'm somewhat burdened, so even dividing the work and sharing with each other would be helpful.
To clarify, (just in case), I wish to be able to report similar to the CIS-CAT tool, but with Qualys, so we can automate and merge the data with our VM scan data. Eventually, I will have a CIS MSB report, and a report with our exceptions, so we can present the data either way for our server owners.
Thanks in advance,