Custom profiles

A custom profile is a benchmark profile that you customize to fit your organization's internally defined standards. You can base a custom profile on an existing benchmark and profile combination, and then specify which rules to apply.

For example, assume that your Center for Internet Security (CIS) Benchmark includes a rule that prohibits users from reusing any of the last 24 passwords that they specified. However, your organization enforces a stricter password policy. In this case, you could create a custom profile that enforces all other benchmark rules but excludes the CIS password rule. Your compliance scores would then be more realistic, because they would no longer be affected by a rule that your own policy supersedes.

Custom profiles are typically created for long-term use. During an audit, you can note that a custom profile is applied to meet your organization's requirements.

The Security Compliance Management API allows you to retrieve lists of profiles and information about specific profiles using the Profiles endpoints.