Skip to Content
Sep 30 at 11:31 AM

CIS Benchmarks & SAP Compatibility

532 Views Last edit Oct 13 at 05:36 AM 3 rev


We've a customer willing to implement CIS Benchmark Profile 2 (Level 2) for Operating Systems (SLES, Windows Sever) underlying SAP Systems.

We would like to ensure that the actions taken for Level 2 will not harm/stop SAP operations including DBs (HANA, ASE, MaxDB) and SAP Application Servers.

SuSE released a guide for this (Operating System Security Hardening Guide for SAP HANA for SUSE Linux Enterprise Server 15 GA and SP1 | SUSE Linux Enterprise Server for SAP Applications 15 GA and SP1) which is not directly referring to CIS Control List (current version 8 The 18 CIS Critical Security Controls ( To compare the hardening actions of SuSE against CIS Benchmark Levels requires deep investigation.

Is there any formal info about the CIS Levels (1 & 2) and SAP? I mean, if we apply CIS Level 1/2 hardening against SLES and Windows Server OS's, will SAP run?