CIS Benchmarks August 2025 Update

The following CIS Benchmarks^® and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

• CIS AWS End User Compute Services Benchmark v1.2.0
• CIS Cisco IOS XE 17.x Benchmark v2.2.1
• CIS Docker Benchmark v1.8.0
• CIS ExtremeNetworks SLX-OS-20.X.X Benchmark v1.0.1
• CIS Microsoft Windows Server 2019 Stand-alone Benchmark v3.0.0
• CIS Microsoft Windows Server 2019 STIG Benchmark v4.0.0

CIS AWS End User Compute Services Benchmark v1.2.0

We are excited to announce the publication of the updated CIS AWS End User Compute Services Benchmark v1.2.0. Here are some highlights of the work that was done:

• Community input has been incorporated to refine and improve key recommendations.
• Updates were made to align recommendations with best practices suggested by the broader community.
• Several recommendations have been updated to reflect more accurate guidance based on community feedback.

Thanks to our AWS community!

Download the CIS AWS End User Compute Services Benchmark v1.2.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Cisco IOS XE 17.x Benchmark v2.2.1

We are pleased to announce that we are releasing the updated CIS Cisco IOS XE 17.x Benchmark v2.2.1. This release is to address a bug in the automated assessment for CIS-CAT Pro.

Thank you to the Cisco community for your input, and a special thanks to Alexander Rasmussen and Amy Raymond for your diligent efforts.

Download the CIS Cisco IOS XE 17.x Benchmark v2.2.1 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Docker Benchmark v1.8.0

This Benchmark includes:

• Support for the latest release of Docker Server v28.
• 27 recommendations, audits and remediations have been updates and improved.

Lots of time and effort goes into updating and testing these releases. Thank you to the CIS VMWare Community for making this happen. Special thanks to Tony Wilwerding for his dedication to making this Benchmark the best it can be.

Download the CIS Docker Benchmark v1.8.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS ExtremeNetworks SLX-OS-20.X.X Benchmark v1.0.1

We are pleased to announce the bug fix release for CIS ExtremeNetworks SLX-OS-20.X.X Benchmark v1.0.1. A lot of work went into addressing the tickets submitted for this release. Here is what was changed:

• Updated 2 tickets to address false fails in CIS-CAT content

We would like to thank the ExtremeNetworks community for their diligent efforts to address any issues.

Download the CIS ExtremeNetworks SLX-OS-20.X.X Benchmark v1.0.1  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Microsoft Windows Server 2019 Stand-alone Benchmark v3.0.0

Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members. Here's a quick overview of the key improvements we've made in this update:

• Added 16 new security settings
• Updated 10 settings
• Removed 4 settings
• Renamed three settings
• Moved one  setting
• Moved, added, and removed sections due to updated ADMX templates

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark. A huge thank you to the CIS Windows Community and Windows Team for making this benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis

Download the CIS Microsoft Windows Server 2019 Stand-alone Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS Work here to download other formats and related resources. 

CIS Microsoft Windows Server 2019 STIG Benchmark v4.0.0

Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members. Here's a quick overview of the key improvements we've made in this update:

• Rewrote entire Benchmark
• Removed one STIG Rule
• Added three STIG Rules

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark. A huge thank you to the CIS Microsoft Area Team for making this Benchmark happen.

Download the CIS Microsoft Windows Server 2019 STIG Benchmark v4.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

This Benchmark is from STIG Version 3, Release 3.

Download the CIS Cisco NX OS Switch RTR STIG Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

We are excited to announce that we have released both new CIS DigitalOcean Foundations Benchmark v1.0.0 and CIS DigitalOcean Services Benchmark v1.0.0! These two Benchmarks represent the initial coverage of the Digital Ocean CSP environment.

Along with various ‘Foundational’ settings these are some of the other services that are covered by these Benchmarks:

Thank you to all in the community that have contributed to the update of these Benchmarks! A special thanks to Beatrix House and the rest of the DigitalOcean team for their significant contributions.

Download the DigitalOcean Benchmarks in PDF.

CIS SecureSuite Members can visit CIS WorkBench  here to download other formats and related resources for the CIS DigitalOcean Foundations Benchmark v1.0.0, and here for the CIS DigitalOcean Services Benchmark v1.0.0.