CIS Benchmarks December 2021 Update

CIS-Benchmarks

The following CIS Benchmarks have been updated or released.  We’ve highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made. 

CIS F5 Networks Benchmark v1.0.0

This new Benchmark provides prescriptive guidance for establishing a secure configuration posture for F5 Networks.
Thanks to the entire CIS F5 community for their assistance in releasing the first version of this Benchmark. Special thanks to Omar Battis for his hard work and time.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Apple macOS Benchmarks

Several Apple macOS Benchmarks were updated, including:
  • CIS Apple macOS 10.14 Mojave Benchmark v2.0.0
  • CIS Apple macOS 10.15 Catalina Benchmark v2.0.0
  • CIS Apple macOS 11.0 Big Sur Benchmark v2.0.0
The major changes include the following additions:
  • A third methodology using macOS Configuration Profiles (in addition to the existing GUI and CLI)
  • Three new automated checks for recommendations that were previously manual
  • Additional recommendations to expand on guidance that was previous not included
Special thanks to Ron Colvin, William Harrison, Laura Gardner, Mauro Faccenda, Michael Scarborough, and Jason Olsen.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS macOS Build Kits

Build Kits are available for the above macOS versions, focused on using macOS mobile configuration profiles. Highlights include:
  • 46 individual recommendations in macOS 10.14
  • 47 individual recommendations in macOS 10.15 and in macOS 11.0
  • Can be installed locally on the machine, or be deployed through an MDM
  • Individual configuration profiles for users who need to tailor the Benchmark to their organization’s needs
Special thanks to the macOS Security Compliance team from NIST and NASA (Bob Gendlre, Allen Golbig, Dan Brodjieski, and Jason Blake).
CIS SecureSuite Members can visit CIS WorkBench to download Build Kits.

CIS Amazon Linux 2 STIG Benchmark v2.0.0

Below is a summary of changes by the numbers. Remember, you can always view the changelog in the PDF or DOC version of the Benchmark for a complete list of updates.
  • 114 updated recommendations
  • 100 deleted recommendations
  • 100 new recommendations
Thanks to the entire CIS Amazon Linux Community for their support.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Red Hat Enterprise Linux 8 STIG Benchmark v1.0.0

This Benchmark provides profiles specific to DISA STIG guidance for Red Hat Enterprise Linux 8, along with standard CIS profiles.
Thanks to the entire CIS Red Hat community for their support on this effort.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Red Hat Enterprise Linux 7 STIG Benchmark v2.0.0 Update

Below is a summary of changes by the numbers. Remember, you can always view the changelog in the PDF or DOC version of the Benchmark for a complete list of updates.
  • 116 updated recommendations
  • 99 deleted recommendations
  • 102 new recommendations
Thanks to the entire CIS Red Hat Enterprise Linux community for their support.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Microsoft Azure Foundations Benchmark v1.4.0 Update

Here are just a few changes included in this update:
  • Renamed Azure Defender to Microsoft Defender
  • Removed of multiple recommendations for features that have been deprecated
  • Updated reference links in multiple recommendations
  • Added MySQL database section
Thanks to the entire CIS Microsoft Azure Foundations Community for their support.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Google Kubernetes Engine (GKE) Benchmark v1.2.0 Update

This Benchmark is now based on Kubernetes v1.2.0. It includes updated mappings to the CIS Critical Security Controls (CIS Controls) and also includes mappings to MITRE ATT&CK Techniques.

Thanks to the entire CIS Kubernetes Community for their support on this effort. Special thanks to Andrew Martin, Rowan Baker, and Kevin Ward.

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.


CIS_Benchmarks_Community

Get Involved: Be a Volunteer

Curious about the CIS Benchmarks development process, how you can contribute, or how to get involved? Reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.