×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Resources


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

CIS Benchmarks January 2021 Update

CIS-Benchmarks

 

CIS is excited to announce the release of the following CIS Benchmarks. These CIS Benchmark releases would not have been possible without the time and support of community contributors through the form of tickets, comments, and joining our community calls. Your contributions are invaluable to our consensus process and we thank you for volunteering.

CIS Cisco NX-OS Benchmark v1.0.0

Prescriptive guidance for establishing a secure configuration posture for Cisco devices running Cisco NX-OS.

Special thanks to Rob Vandenbrink for his contribution to this initial release.

Download the CIS Cisco NX-OS Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Apache Tomcat 9 Benchmark v1.0.0

Prescriptive guidance for establishing a secure configuration posture for Apache Tomcat versions 9.0 running on Linux. This guide was tested against Apache Tomcat 9.0 as installed by tar packages provided by Apache. Major changes in this release:

  • The recommendation 'Enable strict servlet Compliance’ has been moved to Level 2 due its potential impact
  • Guidance on using TLS has been updated to recommend TLS versions 1.2 and/or 1.3
  • A new recommendation to encrypt Manager Application Passwords has been added
  • Artifacts have been added to numerous recommendations in support of new automated assessment content to be included in a future release of CIS-CAT

Special thanks to Joern Krueger, James Scott, and Ardnor Zeqiri for their contributions to this release.

Download the CIS Apache Tomcat 9 Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Apple macOS 10.12 Benchmark v1.2.0

Prescriptive guidance for establishing a secure configuration posture for Apple macOS 10.12. This guide was tested against Apple macOS 10.12. Major changes in this release:

  • Updated audits and remediations for the password policy section
  • Added CIS Controls v7.1

Special thanks to Ron Colvin and William Harrison for their work on this release.

Download the CIS Apple macOS 10.12 v1.2.0 Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS Alibaba Cloud Foundation Benchmark v1.0.0

This is a brand new CIS Benchmark for Alibaba Cloud. It contains prescriptive guidance for configuring security options for a subset of Alibaba Cloud services with an emphasis on foundational, testable, and architecture agnostic settings. Here is a brief glimpse of what is covered:

  • Identity and Access Management (IAM) settings
  • Logging and monitoring configurations
  • Networking settings
  • Virtual Machine settings
  • Storage configuration
  • Relational Database Services (RDS) settings
  • Kubernetes Engine settings
  • Alibaba Cloud Security Center settings

A huge thanks to the community, editors, and the Alibaba Cloud team for all of the work that went into creating and this initial release.

Download the CIS Alibaba Cloud Foundation Benchmark PDF

CIS SecureSuite Members can visit CIS WorkBench to download other formats and related resources.

CIS_Benchmarks_Community

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

Have questions about the CIS Benchmarks development process and how to get involved? Reach out to us at benchmarkinfo@cisecurity.org. You can also learn more on the CIS Benchmarks Community page.