Hey guys.
We have a customer who per some new cybersec insurance, requires all their internal IT to be CIS hardened. So now we have to make sure that what we deliver is also CIS Hardened. We are currently using openvas for various tests, but is it possible to use it for that specific purpose, as CIS´s own testing tool costs a fortune.
Also, does any1 know what it actually does differently than an openvas vuln scan?
Thanks 