CIS Benchmarks January 2023 Update
Updated CIS NGINX Benchmark v2.0.0
Some highlights of this updated Benchmark include:
- Support for and tested against NGINX v1.22
- Revised Audits and Remediations
- Added new SCE scripts
A huge thank you to the entire CIS NGINX Community for making this happen!
Download the CIS NGINX Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Updated CIS Oracle Database 19c Benchmark v1.1.0
Highlights of this updated Benchmark include the following:
- New recommendations limiting the AUDIT_ADMIN role, requiring data-in-transit encryption, and requiring that PDB_OS_CREDENTIAL isn't null
- Ensuring proper evaluation for both PDB and CDB configurations where previously omitted
Thank you to the CIS Oracle Community. Your contributions are invaluable to our consensus process. A special thanks goes to Jay Mehta, Joe Testa, Nelly Chng, and Emad Al-Mousa!
Download the CIS Oracle Database Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Three New Linux Benchmarks
We've released three new Linux Benchmarks:
- CIS AlmaLinux OS 9 Benchmark v1.0.0
- CIS Oracle Linux 9 Benchmark v1.0.0
- CIS Rocky Linux 9 Benchmark v1.0.0
A huge thank you to the CIS Linux Community for making this happen. A special thanks goes to Jon Christopherson, Graham Eames, James Trigg, Simon John, and Tamas Tevesz!
Download the CIS AlmaLinux OS Benchmark, CIS Oracle Linux Benchmark, and CIS Rocky Linux Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here, here, and here, respectively, to download other formats and related resources.
New CIS Microsoft Office Enterprise Benchmark v1.0.0
This Benchmark is an amalgamation of the formerly named Word, Outlook, Excel, PowerPoint, and Office Benchmarks. Due to this, the document and the Automated Assessment Content available in CIS-CAT Pro have undergone numerous changes. Here are some highlights:
- Combined Office Benchmarks into a single Benchmark
- Added 31 new recommendations
- Removed 13 recommendations with no security value or that are organization-specific
- Updated 45 recommendations
- Updated artifacts in all 239 recommendations to use more efficient registry key detection
With this release, we hope to revitalize the CIS Microsoft Office Community. (It has been looking for a new version of the Office Benchmark for a long time.) Thank you to all of those that contributed!
Download the CIS Microsoft Office Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
New CIS PostgreSQL 15 Benchmark v1.0.0
Thanks to members of the CIS PostgreSQL Community who participated in general and ticket-specific discussions. A special thanks goes to Doug Hunley and Crunchy Data for their significant contributions!
Download the CIS PostgreSQL Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
New CIS Microsoft Dynamics 365 Power Platform v1.0.0
This Benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft Dynamics 365 Power Platform running in the cloud on any OS.
CIS extends special recognition and thanks to Kai Markl and Joao Espirito Santo from Siemens for their collaboration in developing the configuration recommendations.
Download the CIS Microsoft Dynamics 365 Power Platform Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:
- Cisco (preferred focus on NX-OS, ACI, ASA, iOS, Meraki, Firepower)
- Fortinet (preferred focus on FortiGate)
- F5 Networks
- Juniper Networks (preferred focus on Junos OS)
- MariaDB
- Palo Alto Networks
- pfSense
- VMware (preferred with EXSI expertise)
