HomeInsightsBlog PostsCIS Benchmarks July 2025 Update

CIS Benchmarks July 2025 Update

CIS-Benchmarks

The following CIS Benchmarks® and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

CIS Apple iOS 17 Benchmark v1.1.0

We are pleased to announce the final update to the CIS Apple iOS 17 Benchmark v1.1.0.

  • This final update does not contain new guidance.

 Thank you to the CIS Apple iOS Community for contributing to past versions of this Benchmark.

Download the CIS Apple iOS 17 Benchmark v1.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Apple iPadOS 17 Benchmark v1.1.0

We are pleased to announce the final update to the CIS Apple iPadOS 17 Benchmark v1.1.0 

  • This final update does not contain new guidance.

Thank you to the CIS Apple iOS Community for contributing to past versions of this Benchmark.

Download the Apple iPadOS 17 Benchmark v1.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Apple iOS 18 Benchmark v1.1.0

A lot of effort has gone into analyzing and adding content to this Benchmark.

Here are some highlights of the work that was done:

  • Guidance created around Apple Intelligence
  • The Apple Intelligence recommendations are inline with the macOS recommendations
  • Updated guidance for features added to the operating system since the initial release

A huge thank you to the CIS Apple iOS Community for making this Benchmark happen. Special thanks to Pierluigi Falcone and Ron Colvin.

Download the CIS Apple iOS 18 Benchmark v1.1.0   in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Apple iPadOS 18 Benchmark v1.1.0

We are excited to announce the publication of the updated CIS Apple iPadOS 18 Benchmark v1.1.0. A lot of effort has gone into analyzing and adding content to this Benchmark. Here are some highlights of the work that was done:

  • Guidance created around Apple Intelligence
  • The Apple Intelligence recommendations are inline with the macOS recommendations
  • Updated guidance for features added to the operating system since the initial release

A huge thank you to the CIS Apple iOS Community for making this Benchmark happen. Special thanks to Pierluigi Falcone and Ron Colvin.

Download the CIS Apple iPadOS 18 Benchmark v1.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Apple macOS 13.0 Ventura Benchmark v3.1.0

Major milestones for the update:

  • Updated guidance for features added to the operating system since the initial release
  • Change to guidance around dictation and Siri usage
  • Added missing functionality that was not auditable in previous versions of the Benchmarks

Special thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.

Download the CIS Apple macOS 13.0 Ventura Benchmark v3.1.0   in PDF.

CIS SecureSuite Members can visit CIS Work here to download other formats and related resources. 

CIS Apple macOS 14.0 Sonoma Benchmark v2.1.0

Major milestones for the update:

  • Updated guidance for features added to the operating system since the initial release
  • Change to guidance around dictation and Siri usage
  • Added missing functionality that was not auditable in previous versions of the Benchmarks

Thanks to the Community for the tickets submitted for the changes that went into this long awaited update to the Benchmark. Special thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.

Download the CIS Apple macOS 14.0 Sonoma Benchmark v2.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS 15.0 Sequoia Benchmark v1.1.0

Here's a quick overview of the key improvements we've made in this update:

  • Apple Intelligence security guidance added
  • Updated guidance for features added to the operating system since the initial release
  • Change to guidance around dictation and Siri usage
  • Added missing functionality that was not auditable in previous versions of the Benchmarks

Special Thanks to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.

Download the CIS Apple macOS 15.0 Sequoia Benchmark v1.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Alibaba Cloud Foundation Benchmark v2.0.0

Here's a quick overview of the key improvements we've made in this update:

  • Updated All CIS Critical Controls Mapping
  • Multiple changes in console steps for Audit and remediation
  • Updated to meet current password policy
  • Move a couple recommendation to L1
  • Added CLI audit methods

Download the CIS Alibaba Cloud Foundation Benchmark v2.0.0  in PDF.

CIS SecureSuite Members can visit CIS here to download other formats and related resources. 

CIS Cisco IOS XE 16.x Benchmark v2.2.0

We are excited to announce the Final Release of CIS Cisco IOS XE 16.x Benchmark v2.2.0

  • Addressed 2 tickets regarding AAC false fails

Thank you to the CIS Cisco Community for making this final Benchmark release happen.

Download the CIS Cisco IOS XE 16.x Benchmark v2.2.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench  here to download other formats and related resources. 

CIS Microsoft Azure Compute Services Benchmark v2.0.0

Summary of changes in this latest version:

  • “App Service” section now contains sub-sections specific to: App Service Apps, App Service Deployment Slots, Function Apps, Function App Deployment Slots.
  • 71 Recommendations Added
  • 29 Recommendations Updated
  • “Cloud Services” Section removed (product now retired)
  • 120 Tickets Addressed

The full changelog is included at the end of both the PDF and DOCX files.

Many thanks to the entire CIS Microsoft Azure Community for another successful release! As always, the contributions of the members of the Azure Community are greatly appreciated and have made this release and its many improvements possible!

Special thanks to our prolific community editor Rachel Rice for her excellent contributions which are too numerous to list! Special thanks also to our new community member Rogier Carpier for helping us hone recommendations for network access.

Download the Microsoft Azure Compute Services Benchmark v2.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Google Kubernetes Engine (GKE) Benchmark v1.8.0

This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.30, 1.31 & 1.32

  • Over 30 recommendations have been added or enhanced
  • The AAC has been improved
  • The Benchmark and recommendations have been updated to support Kubernetes v1.32

A huge thank you to the CIS Kubernetes Community for making this happen. Special Thanks to Rory McCune and Mark Larinde for their dedication to making this Benchmark the best it can be.

Download the CIS Google Kubernetes Engine (GKE) Benchmark v1.8.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Google Kubernetes Engine (GKE) Autopilot Benchmark v1.2.0 

Download the CIS Google Kubernetes Engine (GKE) Autopilot Benchmark v1.2.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Google Workspace Foundations Benchmark v1.3.0

Here are some highlights:

  • Clarified guidance in regards to user access and superusers
  • Small bug fixes and clarifications

A huge thank you to the CIS Google Chrome and Google Workspace Communities for making this Benchmark happen.

Download the CIS Google Workspace Foundations Benchmark v1.3.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS IBM AIX 7 Benchmark v1.1.0

A lot of effort has gone into analyzing and adding content to this Benchmark. Here are some highlights of the work that was done:

  • Added 23 Recommendations
  • Dropped 17 Recommendations
  • Updated 64 Recommendations

Thank you to the CIS IBM Community for making this Benchmark release happen.

Download the CIS IBM AIX 7 Benchmark v1.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0

Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members. Here's a quick overview of the key improvements we've made in this update: 

  • Added 19 new security settings
  • Updated 12 settings
  • Removed 4 settings
  • Renamed 3 settings
  • Moved 1 setting
  • Moved, added, and removed sections due to updated ADMX templates 

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark. A huge thank you to the CIS Windows Community and Windows Team for making this benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Microsoft Windows Server 2019 Benchmark v4.0.0

Here's a quick overview of the key improvements we've made in this update:

  • Added 16 new security settings
  • Updated 10 settings
  • Removed 4 settings
  • Renamed 4settings
  • Moved 1 setting
  • Moved, added, and removed sections due to updated ADMX templates

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark. A huge thank you to the CIS Windows Community and Windows Team for making this benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server 2019 Benchmark v4.0.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS PostgreSQL 15 Benchmark v1.2.0

Here are some highlights of the work that was done:

  • Updated product versions throughout
  • Removed deprecated/vulnerable encryption algorithms
  • Corrected typos and other errors

A change log detailing the modifications made is included in the Doc and PDF versions of the Benchmark. A huge thank you to the CIS PostgreSQL Benchmark Community for making this Benchmark happen. Special thanks to Doug Hunley and Crunchy Data.

Download the CIS PostgreSQL 15 Benchmark v1.2.0  in PDF.

CIS SecureSuite Members can visit CIS Work here to download other formats and related resources. 

CIS PostgreSQL 16 Benchmark v1.1.0

Here are some highlights of the work that was done:

  • Updated product versions throughout
  • Removed deprecated/vulnerable encryption algorithms
  • Corrected typos and other errors

A change log detailing the modifications made is included in the Doc and PDF versions of the Benchmark. A huge thank you to the CIS PostgreSQL Benchmark Community for making this Benchmark happen. Special thanks to Doug Hunley and Crunchy Data.

Download the CIS PostgreSQL 16 Benchmark v1.1.0  in PDF.

CIS SecureSuite Members can visit CIS here to download other formats and related resources. 

CIS Red Hat OpenShift Container Platform v1.8.0

This Benchmark includes:

  • Support for Kubernetes clusters built on Kubernetes v1.30, 1.31, & 1.32       
  • The AAC has been improved
  • The benchmark and recommendations have been updated to support Kubernetes v1.32

A huge thank you to the CIS Kubernetes Community for making this happen.
Special thanks to Rory McCune, Mark Larinde, Lance Bragstad for their dedication to making this Benchmark the best it can be.

Download the CIS Red Hat OpenShift Container Platform v1.8.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

We are excited to announce the new CIS Google Chrome Enterprise Core Browser Benchmark v1.0.0. This was previously named the CIS Google Chrome Browser Cloud Management Benchmark, but is being renamed to be inline with Google's naming structure.

Major milestones for this release:

  • Recommendations have been reordered to mimic the Google Workspace order
  • A Generative AI section has been added to give guidance around AI usage with Google Chrome
  • Over 15 new recommendations have been added in addition to the Generative AI recommendations
  • Several recommendations have been updated to reflect better guidance based on the communities input

A huge thanks to the CIS Google Chrome Community for making this happen.

Download the CIS Google Chrome Enterprise Core Browser Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkB here to download other formats and related resources. 

CIS Google Chrome Group Policy Benchmark v1.0.0

We are excited to announce the new CIS Google Chrome Group Policy Benchmark v1.0.0. This was previously named the CIS Google Chrome Benchmark but is being renamed to differentiate between the Google Chrome Browser Cloud Management Benchmark.

Major milestones for this release:

  • Recommendations have been reordered to mimic the admx order
  • A Generative AI section has been added to give guidance around AI usage with Google Chrome
  • Over 15 new recommendations have been added in addition to the Generative AI recommendations
  • Several recommendations have been updated to reflect better guidance based on the communities input

A huge thanks to the CIS Google Chrome Community for making this happen.

Download the CIS Google Chrome Group Policy Benchmark v1.0.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2022 Stand-alone Benchmark 

We are excited to announce the publication of the NEW CIS Microsoft Windows Server 2022 Stand-alone Benchmark v1.0.0. 

  • Our team has devoted significant time and effort to enhance the content of this benchmark, ensuring it remains relevant and valuable to members.

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen.Special thanks to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server 2022 Stand-alone Benchmark in PDF.

CIS SecureSuite Members can visit CIS here to download other formats and related resources.

CIS Ubuntu Linux 24.04 LTS STIG Benchmark v1.0.0  

This Benchmark:

  • Follows the revised approach for CIS STIG Benchmarks
  • Contains 188 STIG Rules, 98% of which can be assessed through Automated Assessment Content (AAC).

A huge thank you to the Benchmark Development NIX Team for all their hard work in producing this Benchmark.

Download the CIS Ubuntu Linux 24.04 LTS STIG Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS here to download other formats and related resources.

 


Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!

We're looking for contributors for the following technologies:

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.

CIS Benchmarks Which Will No Longer Be Active Without Community Volunteers

Due to a lack of Subject Matter Expert (SME) support CIS iplans on archive all versions of the CIS Zoom Benchmarks, the CIS Check Point Firewall Benchmarks, and the CIS Juniper Benchmarks [JunOS Benchmarks] on October 10, 2025. This can be prevented with renewed SME support! If you are an SME in this area and can assist, please contact the CIS Benchmark Development Team at [email protected] ASAP.

 

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.