CIS Benchmarks June 2025 Update
The following CIS Benchmarks® and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.
CIS Benchmarks Updated Last Month
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.7.0
- CIS Cisco IOS XE 17.x Benchmark v2.2.0
- CIS Google Cloud Platform Foundation Benchmark v4.0.0
- CIS Microsoft 365 Foundations Benchmark v5.0.0
- CIS Microsoft SQL Server 2019 Benchmark v1.5.0 — Final Update
- CIS Microsoft SQL Server 2022 Benchmark v1.2.0
- CIS Microsoft Windows 10 Enterprise Benchmark v4.0.0
- CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0
- CIS Microsoft Windows Server 2022 Benchmark v4.0.0
- CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.7.0
- CIS SUSE Linux Enterprise 12 Benchmark v3.2.1
- CIS VMware ESXi 7.0 Benchmark v1.5.0
CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.7.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.29, 1.30, and 1.31.
- Over 25 recommendations have been added or enhanced
- The Automated Assessment Content (AAC) has been improved
- The Benchmark and recommendations have been updated to support Kubernetes v1.31
A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks to Rory McCune and Mark Larinde for their dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite® Members can visit CIS WorkBench here to download other formats and related resources.
CIS Cisco IOS XE 17.x Benchmark v2.2.0
Here are some of the changes:
- Expanded CIS-CAT® coverage
- Corrected false positive findings within our testing artifacts
- Completed 10 tickets
We would like to thank the CIS Cisco Community for its continuing efforts. Special thanks to Curtis Starnes for his knowledge and assistance.
Download the CIS Cisco Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Google Cloud Platform Foundation Benchmark v4.0.0
Here are some highlights of the changes made:
- Updated multiple audit and remediation steps to reflect console changes
- Added two new recommendations
- Confirmed and updated multiple reference links
- Clarified Rationale wording in multiple recommendations
Thank you to all of the editors and contributors that helped complete this process! A special thanks to Krishna Rayavaram, Cliff Barbier, and Anmol Baansal for the extra time they contributed.
Download the CIS Google Cloud Computing Platform Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft 365 Foundations Benchmark v5.0.0
Here's a quick overview of the key improvements we've made in this update:
- Added seven new recommendations
- Removed three recommendations
- Updated 49 recommendations
- Updated the Conditional Access recommendations to better clarify how inclusions and exclusions are to be audited
- In order to support future development, changes were made to how profiles are "tagged" on recommendations. Each applicable profile is now added to each recommendation. For example, one at E3 Level 1 would now also have E5 Level 2 added to it. As always, Level 2 profiles include the Level 1 profile of the same license type.
- General spelling and grammar corrections
A huge thank you to the Microsoft 365 team for making this Benchmark happen.
Download the CIS Microsoft 365 Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft SQL Server 2019 Benchmark v1.5.0 — Final Update
A huge thank you to the CIS Microsoft SQL Server Community for making this happen, and special thanks to Steinar Andersen, Rob Kraft, and Sean McCown.
Download the CIS Microsoft SQL Server Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft SQL Server 2022 Benchmark v1.2.0
Highlights include:
- Updated Audit and T-SQL procedures for four recommendations
- Updated appendix for Establishing an Audit/Scan User
- Addressed 15 tickets
A huge thank you to the CIS Microsoft SQL Server Community for making this happen.
Special thanks to Steinar Andersen, Rob Kraft, and Sean McCown.
Download the CIS Microsoft SQL Server Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft Windows 10 Enterprise Benchmark v4.0.0
Here's a quick overview of the key improvements we've made in this update:
- Added 19 new security settings
- Updated 11 settings
- Removed two settings
- Renamed three setting
- Moved one setting
- Moved, added, and removed sections due to updated ADMX templates
A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis.
Download the CIS Microsoft Windows Desktop Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0
Here's a quick overview of the key improvements we've made in this update:
- Added 41 new security settings
- Updated 13 settings
- Removed 15 settings
- Renamed three settings
- Moved one setting
- Moved, added, and removed sections due to updated ADMX templates.
A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks to Haemish Edgerton and Aaron Margosis.
Download the CIS Microsoft Windows Desktop Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft Windows Server 2022 Benchmark v4.0.0
Here's a quick overview of the key improvements we've made in this update:
- Added 18 new security settings
- Updated 10 settings
- Removed four settings
- Renamed five settings
- Moved one setting
- Moved, added, and removed sections due to updated ADMX templates
A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen.
Special thanks to Haemish Edgerton and Aaron Margosis.
Download the CIS Microsoft Windows Server Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.7.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.29, 1.30, and 1.31.
- Over 20 recommendations have been added or enhanced
- The AAC has been improved
- The Benchmark and recommendations have been updated to support Kubernetes v1.31
Lots of time and effort goes into creating a new technology release Benchmark. A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks to Rory McCune and Mark Larinde for their dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS SUSE Linux Enterprise 12 Benchmark v3.2.1
This bug fix addresses issues several reported issues.
- 31 recommendations have been updated
Download the CIS SUSE Linux Enterprise Server Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS VMware ESXi 7.0 Benchmark v1.5.0
This Benchmark includes support for the latest release of ESXi 7.0 update 3v.
- The Benchmark and recommendations have been updated to support ESXi 7.0 update 3v
Thank you to the CIS VMware Community for making this happen. Special thanks to Tony Wilwerding for his dedication to making this benchmark the best it can be.
Download the CIS VMware Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
New CIS Benchmarks Released Last Month
- CIS Apple MacOS 14.0 Sonoma Intune Benchmark v1.0.0
- CIS Apple MacOS 15.0 Sequoia Intune Benchmark v1.0.0
- CIS Ubuntu Linux 22.04 LTS STIG Benchmark v1.0.0
CIS Apple MacOS 14.0 Sonoma Intune Benchmark v1.0.0
This release allows the existing CIS Apple macOS 14.0 Sonoma Benchmark to be configured through Microsoft Intune.
Major milestones for this new release:
- Updated guidance for Apple's macOS 14.0 operating system and added new recommendations based on new functionality
- All audits and remediation procedures include using the Microsoft Intune admin center
A huge thanks to Lewis Hardy, who authored this Benchmark.
Download the CIS Apple macOS Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
This release allows the existing CIS Apple macOS 15.0 Sequoia Benchmark to be configured through Microsoft Intune.
Major milestones for this new release:
- Updated guidance for Apple's newest operating system and added new recommendations based on new functionality in macOS 15.0
- All audits and remediation procedures include using the Microsoft Intune admin center
A huge thanks to Lewis Hardy, who authored this Benchmark.
Download the CIS Apple macOS Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
This Benchmark:
- Follows the revised approach for CIS STIG Benchmarks
- Contains 179 STIG Rules, with 99% capable of being assessed through AAC
A huge thank you to the Benchmark Development NIX Team for all its hard work in producing this Benchmark.
Download the CIS Ubuntu Linux Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.
