CIS Benchmarks December 2020 Update

CIS-Benchmarks

CIS is excited to announce the release of the following CIS Benchmarks. These CIS Benchmark releases would not have been possible without the time and support of community contributors through the form of tickets, comments, and joining our community calls. Your contributions are invaluable to our consensus process and we thank you for volunteering.

CIS Apple iOS 14 and iPadOS 14 Benchmark v1.0.0

Prescriptive guidance for Apple iOS 14 and iPadOS 14. The guide was tested against the Apple iOS 14.1 and iPadOS 14.1 and using Apple Configurator v2.13.1. At publication, devices supported by iOS 14 or iPadOS 14 include:

  • iPhone 6s and later
  • iPod touch (7th generation) and later
  • iPad Pro and later
  • iPad (5th generation)
  • iPad Air 2
  • iPad mini 4 and later

The current guidance considers iOS and iPadOS devices as having the same use cases and threat scenarios. In all but a very few cases, configuration steps, default settings, and CIS Benchmark recommended settings are identical regardless of hardware platform or operating system. For the few cases where variation exists, the CIS Benchmark notes the difference within the respective section.

Special thanks to Paul Campbell for his contributions to make this release possible.

Download the CIS Apple iOS 14 and iPadOS 14 Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Apple macOS Benchmark Updates

Prescriptive guidance for establishing a secure configuration posture for Apple macOS 10.14 and 10.15 respectively. Each guide was tested against the applicable Apple macOS 10.14 and 10.15 systems.

Special thanks to Ron Colvin and William Harrison for their contributions to these releases.

Download the CIS Apple macOS 10.14 v1.1.0 Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS AWS End User Compute Services Benchmark v1.0.0

Prescriptive guidance for configuring security options for the services within End User Computing category in AWS. The CIS Benchmark is intended to be used in conjunction with the CIS Amazon Web Services Foundations Benchmark. For more information about this approach see the introduction section of the CIS Benchmark. The specific AWS Services in scope for this document include:

  • Amazon WorkSpaces
  • Amazon WorkDocs
  • Amazon AppStream 2.0
  • Amazon WorkLink

Thank you to all in the community who have contributed to the development of this CIS Benchmark. Special thanks to Greg Carpenter for all of his authoring efforts!

Download the CIS AWS End User Compute Services Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS IBM Cloud Foundations Benchmark v1.0.0

Prescriptive guidance for establishing a secure baseline for the IBM Cloud environment, and covering the foundational elements of IBM Cloud. The recommendations detailed here are important security considerations when designing your infrastructure on IBM Cloud Services. A few areas covered include:

  • Identity and Access Management (IAM) setting
  • Storage configurations
  • Maintenance, monitoring, and analysis of audit logs
  • IBM Cloud Databases family settings
  • Cloudant settings
  • Networking configurations
  • Container settings
  • Key management
  • IBM Cloud Certificate Manager

A huge thank you to all of the editors and contributors for all of the hard work that went into this CIS Benchmark!

Download the CIS IBM Cloud Foundations Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Juniper OS Benchmark v2.1.0

Prescriptive guidance for establishing a secure configuration posture for Juniper Networks Devices including a core set of recommendations for all current Junos platforms including ACX, EX, MX, PTX, QFX, SRX, and T Series. Additional configuration is suggested when securing some platforms. To see full information relative to the coverage please see the CIS Benchmark description.

Special thanks to Martin White – without your dedication and knowledge this update would not have been possible!

Download the CIS Juniper OS Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.0.0

Prescriptive guidance for running Oracle Kubernetes Engine (OKE) v1.15 following recommended security controls. This CIS Benchmark only includes controls which can be modified by an end user of OKE. For information on OKE's performance against the Kubernetes CIS Benchmarks, for items which cannot be audited or modified, see the OKE documentation at https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengoverview.htm

Download the CIS OKE Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Oracle Cloud Infrastructure Foundations Benchmark v1.1.0

Prescriptive guidance for establishing a secure baseline configuration for the Oracle Cloud Infrastructure environment. Here are a few changes included in this update:

  • New recommendations for key rotation
  • New recommendation for authorization token rotation
  • Align password recommendations with the CIS password guidance
  • Added Cloud Guard audit procedures to multiple recommendations
  • New recommendations in the logging and monitoring section
  • Added section and recommendations for object storage settings
  • Added section and recommendations for asset management settings

Thank you to all of the editors and contributors for their time and effort!

Download the CIS Oracle Cloud Infrastructure Foundations PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Build Kits

CIS SecureSuite Members can check out and download our latest build kit releases to help you automate the configuration of your system to conform with the CIS Benchmark. We recommend reviewing all documentation and trying in a test environment first.

CIS_Benchmarks_Community

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

Have questions about the CIS Benchmark development process, how you can contribute, or how to get involved? Reach out to us at benchmarkinfo@cisecurity.org. You can also learn more on the CIS Benchmarks Community page: https://www.cisecurity.org/communities/benchmarks/