# CIS Benchmark Mapper

> Draft Secure Configuration Baselines (hardening guides) that turn CIS Benchmarks or STIGs into formal policy, and validate that each draft includes a recurring Drift Analysis schedule (NIST CSF 2.0 PR.PS).



Tags: NIST CSF, CIS Benchmarks, STIG, Hardening, GRC, Secure Configuration


## Example Prompts

- Draft a hardening guide for our Windows servers using the CIS Benchmark
- Turn the CIS Linux Benchmark Rationale and Remediation into our company baseline policy
- Add a Drift Analysis section and validate the hardening guide with the audit tool

URL: https://rakenne.app/skills/cis-benchmark-mapper/index.md

Try this skill: https://rakenne.app/a/?skill=cis-benchmark-mapper



## Overview

Draft and validate Secure Configuration Baselines (hardening guides) that turn CIS Benchmarks or STIGs into formal company policy, aligned to NIST CSF 2.0 Protect (PR.PS). The skill guides mapping of **Rationale** and **Remediation** from CIS/STIG into policy language and enforces a recurring **Drift Analysis** schedule so configurations are verified over time. One validation tool runs on the draft: **config_drift_procedure_audit** checks for a dedicated drift/baseline verification section and an explicit recurring schedule (e.g. quarterly, monthly).

## Example Conversation

> **You:** We need a hardening guide for our Windows Server fleet. Use the CIS Microsoft Windows Server 2022 Benchmark and turn the Rationale and Remediation into our company baseline policy. Make sure we have a drift analysis procedure.

> **Agent:** I'll draft the Secure Configuration Baseline with scope (Windows Server 2022), requirements mapped from the CIS Benchmark, and a Drift Analysis section with a quarterly schedule. Then I'll run **config_drift_procedure_audit** on the draft.

> **Agent:** I've added the Drift Analysis section: "Configuration drift analysis is performed quarterly for all in-scope servers." Running **config_drift_procedure_audit**...

> **Agent:** Result of **config_drift_procedure_audit**:
>
> --- CONFIG DRIFT PROCEDURE AUDIT ---
> Result: PASS
> Drift / baseline verification section: found. Recurring schedule: found (e.g. quarterly, monthly, or explicit cadence).
>
> The hardening guide passes the audit. You can finalize and publish.

## Extension tools

| Tool | Purpose |
|------|--------|
| **config_drift_procedure_audit** | Run on the hardening guide draft before finalizing. Ensures a drift/baseline verification section exists and includes an explicit recurring schedule (e.g. quarterly, monthly) so configurations are re-verified over time. |

## Output excerpt

After the agent drafts the baseline and runs the audit, the document includes scope, CIS/STIG-based requirements (Rationale → policy; Remediation → procedure), and a Drift Analysis section with schedule. Excerpt:

```markdown
## Drift Analysis

Configuration baseline verification is performed **quarterly** for all in-scope servers and network devices. The responsible team compares current configurations to this baseline and documents any drift; exceptions are remediated or formally approved. Results are reported to GRC for alignment with NIST CSF 2.0 PR.PS.
```
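The check that **config_drift_procedure_audit** is described as performing (a dedicated drift section plus an explicit recurring schedule) can be expressed as follows. This is an added example, not the skill's own code; the function names, heading keywords and cadence vocabulary are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumptions (not from the skill): heading keywords and cadence vocabulary.
HEADING = re.compile(r"^(#{1,6})\s+(.*\S)\s*$")
SECTION = re.compile(r"\bdrift\b|\bbaseline\s+verification\b", re.I)
CADENCE = re.compile(
    r"\b(daily|weekly|monthly|quarterly|semi-?annually|annually|yearly)\b"
    r"|\bevery\s+\d+\s+(?:day|week|month|year)s?\b", re.I)

@dataclass
class AuditResult:
    section_found: bool
    schedule_found: bool
    cadence: Optional[str]

    @property
    def passed(self) -> bool:
        return self.section_found and self.schedule_found

def drift_section_bodies(markdown: str) -> list:
    """Collect the text under each drift heading, subsections included."""
    bodies, level, in_fence = [], None, False
    for line in markdown.splitlines():
        if line.lstrip().startswith("`" * 3):
            in_fence = not in_fence          # '#' lines inside fences are not headings
        m = None if in_fence else HEADING.match(line)
        if m and level is not None and len(m.group(1)) <= level:
            level = None                     # sibling or parent heading ends the section
        if m and level is None and SECTION.search(m.group(2)):
            level = len(m.group(1))
            bodies.append([])
        elif level is not None:
            bodies[-1].append(line)
    return ["\n".join(b) for b in bodies]

def audit_drift_procedure(markdown: str) -> AuditResult:
    """Pass only if the cadence is stated inside the drift section itself."""
    bodies = drift_section_bodies(markdown)
    hit = next((m for b in bodies if (m := CADENCE.search(b))), None)
    return AuditResult(bool(bodies), hit is not None,
                       hit.group(0).lower() if hit else None)

# Constructed sample drafts.
PASSING = "## Scope\nWindows Server 2022\n\n## Drift Analysis\nVerification is performed **quarterly**.\n"
NO_CADENCE = "## Drift Analysis\nThe team compares configurations periodically.\n"
MISPLACED = "## Patching\nPatches are applied monthly.\n\n## Scope\nAll servers.\n"

if __name__ == "__main__":
    for name, draft in [("PASSING", PASSING), ("NO_CADENCE", NO_CADENCE), ("MISPLACED", MISPLACED)]:
        print(name, audit_drift_procedure(draft))
```

Scoping the cadence search to the drift section keeps a schedule stated for an unrelated control, such as patching, from satisfying the check.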


