Skip to Content
1
Sep 30 at 11:31 AM

CIS Benchmarks & SAP Compatibility

532 Views Last edit Oct 13 at 05:36 AM 3 rev

Hi,

We've a customer willing to implement CIS Benchmark Profile 2 (Level 2) for Operating Systems (SLES, Windows Sever) underlying SAP Systems.

We would like to ensure that the actions taken for Level 2 will not harm/stop SAP operations including DBs (HANA, ASE, MaxDB) and SAP Application Servers.

SuSE released a guide for this (Operating System Security Hardening Guide for SAP HANA for SUSE Linux Enterprise Server 15 GA and SP1 | SUSE Linux Enterprise Server for SAP Applications 15 GA and SP1) which is not directly referring to CIS Control List (current version 8 The 18 CIS Critical Security Controls (cisecurity.org)). To compare the hardening actions of SuSE against CIS Benchmark Levels requires deep investigation.

Is there any formal info about the CIS Levels (1 & 2) and SAP? I mean, if we apply CIS Level 1/2 hardening against SLES and Windows Server OS's, will SAP run?

Regards