HomeInsightsBlog PostsCIS Benchmarks March 2024 Update

CIS Benchmarks March 2024 Update

CIS-Benchmarks

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated in February

CIS Microsoft Azure Foundations Benchmark v2.1.0

Some items of note for this update:

  • 82 Change Log entries
  • Seven new recommendations
  • Eight recommendations deprecated
  • References to Azure AD have been updated to "Entra ID"
  • Azure Policy matched to 100 recommendations
  • Updated procedures and syntax

Our gratitude goes to the many active contributors in the CIS Microsoft Azure community. Thanks to each and every contributor for their dedication to sharing their expertise and helping make the connected world a little safer! Special thanks go to the Azure Policy heroes: Niclas Madsen, Robert Burton, Steve Johnson, Jim Cheng, and Luke Schultheis.

Download the CIS Microsoft Azure Foundations Benchmark v2.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Intune for Windows 10 Benchmark v3.0.0

Some items of note for this update:

  • Analyzed over 50 new settings and services
  • Added 19 new security recommendations
  • Updated one recommendation
  • Added 45 Windows service recommendations
  • Removed 13 recommendations
  • Changed the structure of the Benchmark to follow the settings catalog
  • Created a mapping document for members to be able to easily find which Intune recommendation equals which on-prem (GPO) recommendation

A special thanks to the CIS Benchmark Team (Microsoft Area) for all their work on this Benchmark rewrite.

Download the CIS Microsoft Intune for Windows 10 Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Intune for Windows 11 Benchmark v3.0.0

Some items of note for this update:

  • Analyzed over 50 new settings and services
  • Added 48 new security recommendations
  • Updated six recommendation
  • Added 45 Windows service recommendations
  • Removed 13 recommendations
  • Changed the structure of the Benchmark to follow the settings catalog
  • Created a mapping document for members to be able to easily find which Intune recommendation equals which on-prem (GPO) recommendation

A special thanks to the CIS Benchmark Team (Microsoft Area) for all their work on this Benchmark rewrite.

Download the CIS Microsoft Intune for Windows 10 Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 10 Enterprise Benchmark v3.0.0

Some items of note for this update:

  • Analyzed over 40 new settings and services
  • Added 14 new security settings
  • Updated 20 settings
  • Removed 17 settings
  • Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows 10 Enterprise Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 11 Enterprise Benchmark v3.0.0

Some items of note for this update:

  • Analyzed over 40 new settings and services
  • Added 19 new security settings
  • Updated 20 settings
  • Removed 17 settings
  • Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows 11 Enterprise Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Build Kits Released in February

CIS Amazon Linux 2 Benchmark v3.0.0

This CIS Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Amazon Linux 2 installation for the Level 2 Server profile, the Build Kit remediates more than 90 default settings that do not comply with the Benchmark guidance. A follow-up scan by CIS-CAT Pro assessment returns a PASS result over 80%. 

Some items of note for this release:

  • Update to file system partition scripts
  • New scripts for the PAM section
  • Updated script for firewall recommendations

Download the CIS Amazon Linux 2 Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download the corresponding Benchmark and related resources.

CIS CentOS Linux 7 Benchmark v4.0.0

This CIS Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default CentOS Linux 7 installation for the Level 2 Server profile, the Build Kit remediates more than 100 default settings that do not comply with the Benchmark guidance. A follow-up scan by CIS-CAT Pro assessment returns a PASS result over 90%. 

Some items of note for this release:

  • Update to file system partition scripts
  • New scripts for the PAM section
  • Updated script for firewall recommendations

Download the CIS CentOS Linux 7 Benchmark v4.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download the corresponding Benchmark and related resources.

 

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

    If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.

Related Resources