CIS Benchmarks August 2023


The following CIS Benchmarks have been updated. We've highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made.

CIS Benchmarks Updated in July

Three Updated CIS Benchmarks for Apple macOS

Major changes for the macOS 11.0 Big Sur, 12.0 Monterey, and 13.0 Ventura updates include the following:

  • Moved from individual user audits to requiring system-wide profiles
  • Added a more verbose output to the audits
  • Created the first Apple Silicon-specific recommendation and included better guidance on resuming the OS from sleep
  • Added mobile profile configurations to several recommendations that previously did not have the guidance

Within the associated CIS Build Kits, we have added an option that combines the existing profiles into fewer files to install or upload to an MDM.

Special thanks go out to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here, here, and here to download other formats and related resources.

CIS Microsoft IIS 10 Benchmark v1.2.1

The CIS team has devoted significant time and effort to enhancing the CIS-CAT content for this Benchmark, ensuring it remains relevant and valuable to members.

Here's a look at what we did to produce this updated Benchmark:

  • Added CIS-CAT coverage for 14 recommendations

A huge thank you to the CIS team for making this happen.

Download the CIS Microsoft IIS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 10 EMS Gateway Benchmark v2.0.0

Here's a quick overview of the key improvements we've made in this update:

  • Added 21 new security settings
  • Updated four settings
  • Removed two settings
  • Moved one setting (section change)
  • Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen.

Download the CIS Microsoft Windows Desktop Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS pfSense Firewall Benchmark v1.1.0

Here is a highlight of the work that was done:

  • Added new recommendations to fall in line with what the community requested

A huge thank you to the CIS pfSense Community for making this happen. Special thanks go to Daniel Brown.

Download the CIS pfSense Firewall Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

Additional CIS Benchmarks Announcements

Mitigate CVE-2023-36884 with CIS Microsoft Windows Benchmarks

CVE-2023-36884 covers multiple RCE vulnerabilities that affect Microsoft Windows and Office products. In a security advisory, Microsoft explains that it "is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents."

A patch for CVE-2023-36884 is not available as of this writing. While you wait for a fix, you can implement any of the following CIS Microsoft Windows Workstation/Server Benchmarks to mitigate this vulnerability: Microsoft Windows 10, Windows 11, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.

Our research shows that doing so mitigates CVE-2023-36884. (Microsoft's recommendations in the security advisory above align with what's already present in our CIS Benchmarks and CIS Hardened Images.)

The following security recommendations mitigate the vulnerabilities (recommendations are sourced from the CIS Microsoft Windows 10 Benchmark):

  • 18.10.43.6.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'
  • 18.10.43.6.1.2 (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured
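To check a host against the two recommendations above, the following PowerShell audit is an added example, not CIS-CAT or Build Kit content. The registry path, value names and rule GUID are assumptions taken from Microsoft's ASR documentation (the GUID is the rule Microsoft documents as "Block all Office applications from creating child processes"). The list of rules the Benchmark requires is not given on this page, so the caller supplies it.

```powershell
# Added example (not CIS audit content). Registry path, value names and the rule GUID
# are assumptions taken from Microsoft's ASR documentation, not from this page.
$AsrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR'
$OfficeChildProcess = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'  # Block Office apps from creating child processes
$StateName = @{ '0' = 'Off'; '1' = 'Block'; '2' = 'Audit'; '6' = 'Warn' }

function Get-AsrPolicy {
    # Read the Group Policy-backed ASR configuration from the registry.
    $policy = @{ Enabled = 0; Rules = @{} }
    if (Test-Path $AsrKey) {
        $policy.Enabled = [int](Get-Item $AsrKey).GetValue('ExploitGuard_ASR_Rules', 0)
        if (Test-Path "$AsrKey\Rules") {
            $rulesKey = Get-Item "$AsrKey\Rules"
            foreach ($id in $rulesKey.GetValueNames()) { $policy.Rules[$id] = [string]$rulesKey.GetValue($id) }
        }
    }
    return $policy
}

function Test-AsrPolicy {
    # Compare a policy snapshot with the two recommendations; returns one line per finding.
    param([hashtable]$Policy, [string[]]$RequiredBlock)
    $findings = @()
    if ($Policy.Enabled -ne 1) {
        $findings += "FAIL 18.10.43.6.1.1: 'Configure Attack Surface Reduction rules' is not Enabled"
    }
    foreach ($id in $RequiredBlock) {
        $state = $Policy.Rules[$id]
        if ($null -eq $state) {
            $findings += "FAIL 18.10.43.6.1.2: rule $id has no state set"
        } elseif ($state -ne '1') {
            $findings += "FAIL 18.10.43.6.1.2: rule $id is '$($StateName[$state])', expected Block"
        }
    }
    if ($findings.Count -eq 0) { $findings += 'PASS: ASR policy enabled and required rules in Block' }
    return $findings
}

if ($env:OS -eq 'Windows_NT') {
    $policy = Get-AsrPolicy
} else {
    # Constructed sample: policy enabled, but the Office rule left in Audit mode.
    $policy = @{ Enabled = 1; Rules = @{ $OfficeChildProcess = '2' } }
}
Test-AsrPolicy -Policy $policy -RequiredBlock @($OfficeChildProcess)
```

A rule left in Audit or Warn is reported as a failure here because only Block stops the child process from starting.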

Reviewing CIS Password Policy Guidance

We are approaching a review of our CIS Password Policy guide. If you’re interested in participating or providing feedback, please reach out to [email protected] or join the community and indicate your interest.


 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

 

   
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.