CIS Benchmarks December 2025 Update
The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.
CIS Benchmarks Updated Last Month
- CIS Azure Kubernetes Service (AKS) Benchmark v1.8.0
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.8.0
- CIS Ubuntu Linux 22.04 Benchmark v3.0.0
- CIS Apple macOS 15.0 Sequoia Benchmark v2.0.0
- CIS Apple macOS 14.0 Sonoma Benchmark v3.0.0
- CIS Apple macOS 13.0 Ventura Benchmark v4.0.0
- CIS Microsoft SQL Server 2019 Benchmark v1.5.1
- CIS Microsoft 365 Foundations Benchmark v6.0.0
- CIS IBM Cloud Foundations Benchmark v2.0.0
CIS Azure Kubernetes Service (AKS) Benchmark v1.8.0
We are happy to announce the publication of CIS Azure Kubernetes Service (AKS) Benchmark v1.8.0. This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.32, 1.33 & 1.34:
- 12 recommendations have been automated with Script Check Engine (SCE)
- Over 40 recommendations have been edited and enhanced
- The Benchmark and recommendations have been updated to support Kubernetes v1.32, 1.33, 1.34
Lots of time and effort goes into creating a new technology release Benchmark. A huge thank you to the CIS Kubernetes Community for making this happen. Special Thanks to Mark Larinde for his dedication to making this Benchmark the best it can be.
Download the CIS Azure Kubernetes Service (AKS) Benchmark v1.8.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.8.0
We are happy to announce the publication of CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.8.0. This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.32, 1.33 & 1.34:
- 12 recommendations have been automated with Script Check Engine (SCE)
- Over 30 recommendations have been edited and enhanced
- The bBnchmark and recommendations have been updated to support Kubernetes v1.32, 1.33, 1.34
A huge thank you to the CIS Kubernetes Community for making this happen. Special Thanks to Mark Larinde for his dedication to making this Benchmark the best it can be.
Download the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.8.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Ubuntu Linux 22.04 Benchmark v3.0.0
We are excited to announce the publication of the final update of CIS Ubuntu Linux 22.04 LTS Benchmark v3.0.0. A lot of effort has gone into analyzing and adding content to this Benchmark. Here are some highlights of the work that was done:
- ADDED 94 Recommendations and five Sections
- DROPPED 88 Recommendations and seven Sections
- MOVED 50 Recommendations and 11 Sections
- UPDATED 110 Recommendations and 17 Sections
A special thank you to the Linux Community and the Nix team; without their hard work, this Benchmark would not have been possible.
Download the CIS Ubuntu Linux 22.04 Benchmark v3.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple macOS 15.0 Sequoia Benchmark v2.0.0
Major milestones for this updated release:
- Updated guidance for features added to the operating system since the initial release
- Change to guidance around software updates and deferments
- Added missing functionality that was not auditable in previous versions of the Benchmarks
Special thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.
Download the CIS Apple macOS 15.0 Sequoia Benchmark v2.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple macOS 14.0 Sonoma Benchmark v3.0.0
Major milestones for this updated release:
- Updated guidance for features added to the operating system since the initial release
- Change to guidance around software updates and deferments
- Added missing functionality that was not auditable in previous versions of the Benchmarks
Special thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.
Download the CIS Apple macOS 14.0 Sonoma Benchmark v3.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple macOS 13.0 Ventura Benchmark v4.0.0
Major milestones for the final update being released are:
- Updated guidance for features added to the operating system since the initial release
- Change to guidance around dictation and Siri usage
- Added missing functionality that was not auditable in previous versions of the Benchmarks
Special thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.
Download the CIS Apple macOS 13.0 Ventura Benchmark v4.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft SQL Server 2019 Benchmark v1.5.1
We are excited to announce the publication of a bug fix release for CIS Microsoft SQL Server 2019 Benchmark v1.5.1:
-
Fixed an artifact issue for one recommendation to be included in the upcoming CIS-CAT release
A change log detailing the modifications made is included in the Doc and PDF versions of the Benchmark.
Download the CIS Microsoft SQL Server 2019 Benchmark v1.5.1 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft 365 Foundations Benchmark v6.0.0
We are excited to announce the CIS Microsoft 365 Foundations Benchmark v6.0.0 has been published. Here's a quick overview of the key improvements we've made in this update:
- Added 13 new recommendations
- Removed 3 recommendations
- Updated 34 recommendations
- General spelling and grammar corrections
A huge thank you to the Microsoft 365 team for making this Benchmark happen.
Download the CIS Microsoft 365 Foundations Benchmark v6.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS IBM Cloud Foundations Benchmark v2.0.0
We are excited to announce that the updated Version 2.0.0 of the CIS IBM Cloud Foundations Benchmark has been published! This update contains many updates to the Benchmark. A full change log is included with the PDF and Doc versions. Here is a brief list with some of the changes included in this update:
- Added new section for Power Virtual Servers
- Added 18 new recommendation
- Update Audit and remediation steps on many recommendations to match changes made to the console interface
- Removed 15 obsolete recommendations
Thank you to all of the editors and contributors for the work that went into this Benchmark! A special thank you to all of the editors from the IBM team, lead by Bernal Murillo Ávila and Brian Griffin!!
Download the CIS IBM Cloud Foundations Benchmark v2.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
New CIS Benchmarks Released Last Month
- CIS OpenShift Virtualization Benchmark v1.0.0
- CIS Apple iPadOS 26 Benchmark v1.0.0
- CIS Apple iOS 26 Benchmark v1.0.0
- CIS Apple macOS 26 Tahoe Benchmark v1.0.0
- CIS Tencent Cloud Foundations Benchmark v1.0.0
- CIS Oracle SaaS Cloud Applications Benchmark v1.0.0
CIS OpenShift Virtualization Benchmark v1.0.0
This Benchmark includes support for OpenShift Virtulization 4.19
A huge thank you to Zhe Peng and the Redhat Team for providing the content and resources to make this Benchmark a reality. Thanks, as always, to the virtualization community for providing consensus review and controls mapping guidance. You have helped make this Benchmark the best it can be!
Download the CIS OpenShift Virtualization Benchmark v1.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple iPadOS 26 Benchmark v1.0.0
Here are some highlights of the work that was done:
- Updated guidance for both of Apple's new mobile OS platforms
- Added guidance around features of the new OSA
A huge thank you to the CIS Apple iOS Community for making this Benchmark happen. Special thanks to Pierluigi Falcone and Ron Colvin.
Download the CIS Apple iPadOS 26 Benchmark v1.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple iOS 26 Benchmark v1.0.0
We are excited to announce the publication of the new CIS Apple iOS 26 v1.0.0 Benchmarks.
A lot of effort has gone into analyzing and adding content to the iOS Benchmark. Here are some highlights of the work that was done:
- Updated guidance for both of Apple's new mobile OS platforms
- Added guidance around features of the new OS
A huge thank you to the CIS Apple iOS Community for making this Benchmark happen. Special thanks to Pierluigi Falcone and Ron Colvin.
Download the CIS Apple iOS 26 Benchmark v1.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple macOS 26 Tahoe Benchmark v1.0.0
Major milestones for these new and updated releases:
- Updated guidance for Apple's newest operating system and added new recommendations based on new functionality in macOS 26
- Added missing functionality that was not auditable in previous versions of the benchmarks
Special Thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.
Download the CIS Apple macOS 26 Tahoe Benchmark v1.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Tencent Cloud Foundations Benchmark v1.0.0
This security configuration benchmark covers foundational elements of Tencent Cloud. The recommendations detailed here provides prescriptive guidance for configuring security options for a subset of Tencent Cloud services with an emphasis on foundational, testable, and architecture agnostic settings. Specific Tencent Cloud Services in scope for this document include:
- Cloud Access Management(CAM)
- Virtual Private Cloud (VPC)
- Cloud Object Storage(COS)
- TencentDB for MySQL
- Tencent Kubernetes Engine (TKE)
- Key Management Service (KMS)
- Cloud Load Balancer(CLB)
- Cloud Log Service(CLS)
- Cloud Block Storage(CBS)
- Cloud Audit (CA)
- Cloud Security Center(CSC)
- Cloud Workload Protection Platform(CWPP)
- Tencent Container Security Service(TCSS)
- Web Application Firewall(WAF)
- Cloud Firewall(CFW)
- TencentCloud EdgeOne(EO)
A huge thank you to the team from Tencent for the time they put in creating this Benchmark!
Download the CIS Tencent Cloud Foundations Benchmark v1.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Oracle SaaS Cloud Applications Benchmark v1.0.0
We are excited to announce the release of the CIS Oracle SaaS Cloud Applications Benchmark v1.0.0. A lot of time and effort has gone into the creation of this new Benchmark. Version 1.0.0 contains settings coverage for the Oracle Fusion and EPM SaaS Applications in areas such as:
- Identity and Access Management
- Networking
- Logging and Monitoring
- Application Configuration Management
- Application Access Control
The Benchmark is available for download in the Files/Downloads section of WorkBench.
A huge thank you to Josh Hammer, Barry Greenhut, and Roland Koenn for the of time they put in authoring this Benchmark!
Download the CIS Oracle SaaS Cloud Applications Benchmark v1.0.0 in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.