The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!

 Benchmarks/Tools

Download the Benchmarks FREE of CHARGE
The Security Configuration Benchmarks below are distributed free of charge to propagate their worldwide use and adoption as user originated, de facto standards.

The CIS Benchmarks are the ONLY consensus best practice security configuration standards both developed and accepted by government, business, industry, and academia.

The Benchmarks are:

  • Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
  • Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
  • Downloaded approximately 1 million times per year;
  • Distributed freely by CIS in .PDF format (some are available to CIS Members only in XML format via the CIS Members web site);
  • Used by thousands of enterprises as the basis for security configuration policies and the de facto standard against which to compare them.
For more information about the benchmarks and tools:
CIS Benchmarks/Scoring Tools - Now available, free of charge!
Operating Systems
Benchmark Version Updated
Windows XP Professional SP1/SP2 2.01 09/09/2005
Windows Server 2003 2.0 11/21/2007
Windows 2000 Professional 2.2.1 12/17/2004
Windows 2000 Server 2.2.1 12/17/2004
Windows 2000 1.2.2 02/04/2005
Windows NT 1.05 03/04/2005
Mac OS X 10.5 (Leopard) 1.0 05/21/2008
Mac OS X 10.4 (Tiger) 2.0 10/16/2006
FreeBSD 1.0.5 10/21/2005
Solaris 10 2.1.3 06/26/2007
Solaris 10 11/06 and 8/07 4.0 11/01/2007
Solaris 2.5.1 - 9.0 1.3 08/11/2004
HP-UX 1.4.2 06/03/2008
AIX 1.01 10/21/2005
Red Hat Linux 5 (for RHEL 5) 1.1 04/28/2008
Red Hat Linux 4 (for RHEL 2.1, 3.0, 4.0 and Fedora Core 1,2,3,4, & 5) 1.0.5 10/01/2006
SUSE Linux 2.0 05/21/2008
Slackware Linux 1.1 06/16/2006
Debian Linux 1.0 08/17/2007
Novell OES:NetWare 1.0 08/14/2006
Network Devices
Wireless Networks 1.0 04/14/2005
Cisco IOS Router 2.2 11/20/2007
Cisco ASA, FWSM, and PIX 2.0 11/20/2007
Check Point Firewall 1.0 12/11/2007
Applications
Exchange Server 2003 1.0 08/15/2005
Exchange Server 2007 1.0 12/31/2007
Oracle Database 8i 1.2 04/06/2005
Oracle Database 9i/10g 2.01 08/14/2006
Oracle Database 11g 1.00 09/12/2008
Apache Web Server 2.2 11/10/2008
MySQL 1.0 08/02/2007
SQL Server 2005 1.1.0 12/05/2008
SQL Server 2000 1.0 12/15/2005
BIND 1.0 01/05/2006
Novell eDirectory 1.0 06/12/2006
IIS 1.0 08/16/2007
OpenLDAP 1.0 08/16/2007
FreeRADIUS 1.0 08/16/2007
Virtual Machine 1.0 10/18/2007
Xen Server 3.2 05/16/2008
VMWare ESX Server 1.0 10/18/2007

Logo and Design by Keiler
© 2005, the Center for Internet Security.