Harden your Cisco Meraki configuration against CIS best practices. Prescriptive, consensus-based security checks that tell you exactly what to fix.
Start Free TodayCIS Benchmarks are prescriptive security configuration guides published by the Center for Internet Security. Developed through a consensus-based process involving cybersecurity professionals worldwide, they define the exact settings a device should have to be considered securely configured.
Unlike frameworks that describe outcomes (like NIST CSF) or high-level controls (like Cyber Essentials), CIS Benchmarks are deeply technical and specific. They tell you precisely which settings to enable, which to disable, and what values to configure — down to individual parameters.
For network infrastructure like Cisco Meraki, CIS Benchmarks cover management interface security, protocol hardening, authentication configuration, logging settings, and more. MerakiGuard maps your Meraki dashboard configuration against these prescriptive recommendations automatically.
Practical security settings that can be implemented on any organisation without disrupting business operations. These are the baseline — every Meraki deployment should meet L1. Recommendations are designed to be broadly applicable with minimal performance impact.
Stricter security configurations for environments with elevated risk. L2 settings may restrict certain functionality or require additional infrastructure (e.g. centralised logging servers, RADIUS). Recommended for environments handling sensitive data.
Each scan benchmarks your live Meraki configuration against CIS hardening recommendations. Here is what we inspect across your entire deployment.
Validates that Meraki Dashboard access is secured with HTTPS, session timeouts are configured, and management network access is restricted to authorised IP ranges where possible.
Level 1Checks for default or weak SNMP community strings (public/private). Verifies SNMPv3 is used where SNMP is enabled, with authentication and encryption configured.
Level 1Verifies that Network Time Protocol is properly configured with trusted time sources. Accurate timestamps are critical for log correlation, certificate validation, and incident investigation.
Level 1Checks that syslog is configured to forward logs to a centralised server, logging levels are appropriate, and security-relevant events (auth failures, config changes) are captured.
Level 1Validates encryption standards (WPA2/WPA3), authentication modes (802.1X vs PSK), SSID broadcast settings, client isolation, and rogue AP detection across all access points.
Level 1Reviews all dashboard administrator accounts for MFA enforcement, appropriate role assignments, inactive or stale accounts, and excessive full-org admin privileges.
Level 1Checks for proper VLAN segmentation, validates that management VLANs are separated from user traffic, and ensures inter-VLAN routing is controlled by explicit firewall rules.
Level 2CIS Benchmarks are referenced by virtually every major compliance standard. If you need to demonstrate secure configuration, CIS is the starting point.
Any organisation that takes network security seriously. CIS Benchmarks are the gold standard for device hardening, freely available, and backed by industry consensus.
Managed service providers use CIS Benchmarks to ensure consistent, defensible configurations across all client environments. Demonstrate due diligence at scale.
Healthcare, finance, and government organisations use CIS Benchmarks to satisfy the technical requirements of HIPAA, PCI-DSS, SOX, and other regulatory standards.
Default device configurations are designed for ease of setup, not security. Every unhardened setting is a potential entry point.
Default SNMP community strings, unchanged admin passwords, and default service accounts are the first things attackers check. Automated tools scan for these en masse.
Without a benchmark to measure against, configurations silently drift from secure baselines over time. Emergency changes, staff turnover, and ad-hoc fixes accumulate into real vulnerabilities.
Auditors reference CIS Benchmarks as the expected baseline. Failing to meet Level 1 recommendations results in findings that require expensive remediation under time pressure.
Weak VLAN segmentation and missing access controls allow attackers to move laterally once inside. A single compromised device becomes a launchpad for the entire network.
Connect your Meraki dashboard, run a scan, and see exactly which CIS Benchmark recommendations your network meets — and which need attention. Prescriptive fixes, not vague advice.
Start Free Today