Case Study – How Kinecta Achieved CIS Benchmark Compliance Using CalCom CHS

The Challenge – Meeting CIS Benchmarks Without Disrupting Customer Service

Kinecta, an 85-year-old credit union, ranked among the top 40 in the U.S. by total assets, prides itself on a long history of customer and community service. After its 2021 merger with Xceed FCU, Kinecta expanded its presence across the U.S. enabling it to serve more customers. Simultaneously, it increased its attack surface and inherited more infrastructure to secure.
Kinecta’s mission is “To guide our members and communities to financial security.”

In order to comply with NCUA regulations and avoid penalties, Kinecta’s IT team adopted the industry standard CIS Benchmarks as its server hardening framework. While this was a step in the right direction, Kinecta would need to roll out hardened baseline images across thousands of Windows servers. In order to avoid potential system outages, this process would need to be executed flawlessly. The team’s implementation challenges included:

• Harden thousands of Windows servers in a complex environment
• Avoid outages or broken dependencies during the rollout
• Maintain 24/7 availability for credit union members who rely on system access
• Harden thousands of Windows servers in a complex environment
• Achieve compliance requirements without error or service risk
• Coordinate changes across teams without delays or conflicts

The Solution – CalCom Hardening Suite (CHS)

Kinecta chose CalCom to help them automate server hardening and achieve CIS Benchmarks compliance. CalCom Hardening Suite (CHS). CHS is a baseline hardening solution designed to address the needs of IT operations and security teams.

After being deployed, CHS was launched in learning mode in order to profile and analyze Kinecta’s each production server in the environment. Then it generated a detailed report per server detailing how each policy change would impact system funcitonality. These reports were tailored to Kinecta’s specific requirements, services, and applications. The reports are available from the CHS Dashboard.

CalCom CHS gave Kinecta the confidence that it could enforce its new policies without worrying about system downtime that could harm its members and damage its reputation.

As a result of implementing CHS, Kinecta’s IT Team gained –
No more risk of outages during server hardening

• Complete visibility into the impact of each policy change
• Fewer manual tasks and less room for human error
• Compliance without compromising operational stability
• A controlled, predictable rollout across all systems
• Centralized dashboards to manage changes
• With this visibility, Kinecta was able to push hardened configurations confidently, knowing CHS had flagged any risky settings in advance.

The Result: Secure, Confident Rollout of Hardened Server Configurations

After a successful rollout, Kinecta was now facing a fresh challenge. They need to maintain their hardened server baselines in a complex, high-demand environment. Without CHS, Kinecta would need to deploy complex change management procedures, use scanners that only perform gap analysis, and effectively start the whole hardening process from scratch.

With CalCom CHS, Kinecta is facing the future with confidence. CHS made efficient change management a reality. It centralizes Kinecta’s control over all aspects of the hardening process. This means that it can proactively prevent suspicious incidents that result from well-intentioned mistakes or malicious intent. CHS has established a solid foundation for server hardening that can be built upon for future projects.

Beyond the Rollout: Operationalizing Hardening

CHS isn’t just a deployment tool — it’s now part of Kinecta’s ongoing server lifecycle. Instead of rescanning and re-auditing from scratch, the team uses CHS to:

• Enforce and maintain hardened baselines
• Detect config drift early
• Prevent accidental exposure due to misconfiguration
• The bottom line for sysadmins: fewer tickets, fewer surprises, and a hardening process that’s finally manageable at scale.