CIS Benchmarks January 2024 Update

CIS-Benchmarks

The following CIS Benchmarks™ and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated in December

CIS Amazon Linux 2 Benchmark v3.0.0

Some items of note for this update are:

  • Addressed 353 tickets
  • Added 211 new recommendations
  • Dropped 142 recommendations
  • Updated 116 recommendations

Download the CIS Amazon Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS CentOS Linux 7 Benchmark v4.0.0 – FINAL UPDATE

Some items of note for this Final Update of the CIS CentOS Linux 7 Benchmark are:

  • Addressed 353 tickets
  • Added 220 new recommendations
  • Dropped 146 recommendations
  • Updated 120 recommendations

Download the CIS CentOS Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Cisco NX-OS Benchmark v1.1.0

Some items of note for this update are:

  • Addressed 15 tickets
  • Added five recommendations
  • Removed three recommendations

Special thanks to Daniel Brown for his dedication to getting this Benchmark out before the end of the year.

Download the CIS Cisco Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2019 STIG Benchmark v2.0.0

Some items of note for this update are:

  • Removed three recommendations
  • Added 16 new recommendations
  • Updated three recommendations
  • Moved two recommendations
  • Several section changes

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Database 19c Benchmark v1.2.0

For this release, we revised audit and remediation procedures for three recommendations.

Thank you to the community, whose contributions are invaluable to our consensus process. Special thanks go to Jay Mehta, Nelly Chng, and Emad Al-Mousa for their contributions to this release. 

Download the CIS Oracle Database Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Linux 7 Benchmark v4.0.0 – FINAL UPDATE

Some items of note for the Final Update of the CIS Oracle Linux 7 Benchmark are:

  • Addressed 353 tickets
  • Added 220 new recommendations
  • Dropped 146 recommendations
  • Updated 120 recommendations

Download the CIS Oracle Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Solaris 11.4 Benchmark v1.1.0 – FINAL UPDATE

We are excited to announce the publication of the Final Update for the CIS Oracle Solaris 11.4 Benchmark v1.1.0.

Download the CIS Oracle Solaris Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 – FINAL UPDATE

Some items of note for the Final Update of the CIS Red Hat Enterprise Linux 7 Benchmark are:

  • Addressed 353 tickets
  • Added 220 new recommendations
  • Dropped 148 recommendations
  • Updated 120 recommendations

Download the CIS Red Hat Enterprise Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released in December

CIS Microsoft Windows Server 2019 Stand-alone Benchmark v1.0.0

Our team has invested considerable time and effort into enhancing the Benchmark's content, ensuring its continued relevance and value to our members. A huge thank you to the Microsoft Windows Team for making this Benchmark happen.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Cisco Firepower Threat Defense Benchmark v1.0.0

Our team invested a lot of time and effort in releasing this Benchmark. A massive thank you to Daniel Brown, Rob Vandenbrink, and Paul Beyers. Without them, this Benchmark would not be possible.

Download the CIS Cisco Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2022 STIG Benchmark v1.0.0

Our team has invested considerable time and effort into enhancing the Benchmark's content, ensuring its continued relevance and value to our Members. A huge thank you to the Microsoft Windows Team for making this Benchmark happen.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Build Kits Released in December

CIS Google Kubernetes Engine (GKE) Benchmark v1.5.0

The resource provides prescriptive guidance for running Google Kubernetes Engine (GKE) v1.27.3, 1.27.7, and 1.28.3.

Some highlights of this Build Kit include:

  • The AAC has been validated against all available cluster versions
  • Over 100 recommendations have been updated and improved
  • All recommendations have been evaluated and reviewed by the community and Google’s (GKE) compliance team

This CIS Build Kit exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS community thanks the entire consensus team, with special recognition to Poonam Lamba, Michele Chubirka, Shannon Kularathana, and Vinayak Goyal.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat Enterprise Linux 8 Benchmark v3.0.0

This CIS Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Red Hat installation for the Level 2 Server profile, the Build Kit remediates more than 100 default settings that do not comply with the Benchmark guidance. A follow-up scan by CIS-CAT Pro Assessment returns a PASS result over 90%.

Some highlights of this Build Kit include:

  • New scripts for the PAM section
  • New scripts for the section relating to local user accounts authentication
  • New scripts for the section for OpenSSH to better account for include statements and drop-in configuration files

Download the CIS Red Hat Enterprise Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat OpenShift Container Platform Benchmark v1.5.0

This resource includes support for the latest version of Red Hat OpenShift v4.14.

Some highlights of this CIS Build Kit include: 

  • All recommendations have been evaluated to support the latest Openshift version
  • The AAC has been validated against the latest version of OpenShift v4.14
  • All recommendations that reference file permissions have been aligned

This Build Kit exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS community thanks the entire consensus team, with special recognition to Lance Bragstad.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

Additional CIS Benchmarks Announcements

Are you interested in providing feedback to the CIS Benchmarks Product Team about the prioritization of the Benchmarks recommendations and/or how the Level 1 and Level 2 recommendations are categorized? We’d love to hear from you! Contact [email protected].

    

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

 

   
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.