CIS Benchmarks publishes freely available community standards for configuring hardened systems and services.
Included in this repository are audit scripts for some CIS benchmarks, namely benchmark v2.1.1 of Centos 7. These scripts simply implement the checks detailed in the benchmark document. If all recomendations in a benchmark are blindly implemented, the result is a system no one can log into (which is secure, but not especially useful). Thus, no position is taken on whether the benchmark "passed" or "failed" as a whole; checks are simply performed and results are reported on-screen, with a total checked/passed/failed summary at the end.