CIS Benchmarks Monthly Update September 2025

The following CIS Benchmarks^® and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

• CIS AKS Optimized Azure Linux 2 Benchmark v1.1.0
• CIS IBM i V7R4M0 Benchmark v2.1.0
• CIS IBM i V7R5M0 Benchmark v2.1.0
• CIS GitHub Benchmark v1.1.0
• CIS Google ChromeOS Benchmark v1.1.0
• CIS Microsoft Windows Server 2016 STIG Benchmark v4.0.0
• CIS Microsoft Windows Server 2022 STIG Benchmark v3.0.0
• CIS MongoDB 7 v1.2.0 Benchmark
• CIS Oracle Database 23ai Benchmark v1.1.0 Benchmark
• CIS Oracle Linux 8 Benchmark v4.0.0
• CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0
• CIS Rocky Linux 8 Benchmark v3.0.0
• CIS Palo Alto 10 Benchmark v1.3.0

CIS AKS Optimized Azure Linux 2 Benchmark v1.1.0

We are excited to announce the publication of the updated CIS AKS Optimized Azure Linux 2 Benchmark v1.1.0. This Benchmark is an update to the CIS AKS Optimized Azure Linux Benchmark v1.0.0. This title name change is due to the release of Azure Linux 3, which will have separate Benchmark coverage. A lot of effort has gone into analyzing and adding content to this Benchmark. Here are some highlights of the work that was done:

• Added 63 Recommendations
• Dropped 60 Recommendations
• Updated 58 Recommendations

A change log detailing the modifications made is included in the Doc and PDF versions of the Benchmark. A huge thank you to the CIS NIX team for making this Benchmark happen. Special thanks to Lynsey Rydberg and Tobias Brick.

Download the CIS AKS Optimized Azure Linux 2 Benchmark v1.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS IBM i V7R4M0 Benchmark v2.1.0

This  update to the existing versions of the IBM i V7R4M0 Benchmark contains bug fixes and updates to existing Benchmarks. A huge thanks to Bruce Bading who authored this Benchmark.

Download the CIS IBM i V7R4M0 Benchmark v2.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS IBM i V7R5M0 Benchmark v2.1.0

This  update to the existing versions of the IBM i V7R5M0 Benchmark contains bug fixes and updates to existing Benchmarks. A huge thanks to Bruce Bading who authored this Benchmark.

Download the CIS IBM i V7R5M0 Benchmark v2.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS GitHub Benchmark v1.1.0

This release addresses Github versions up to and including v3.16. Thanks to the community for providing recommendations, edits, and suggestions for improving this Benchmark. Special thanks to Matt Reagan for his help and assistance improving this version of the Benchmark.

Download the CIS GitHub Benchmark v1.1.0  in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Google ChromeOS Benchmark v1.1.0

We are excited to announce the updated CIS Google ChromeOS Benchmark v1.1.0. Major milestones for this release:

• A Generative AI section has been added to give guidance around AI usage with Google ChromeOS
• 15 recommendations added for better security guidance
• Removed recommendations for all deprecated policies
• Updated Controls v7 and v8 mappings
• Additional guidance for organizations using managed guest sessions for ChromeOS

A huge thanks to the CIS Google Community for making this happen.

Download the CIS Google ChromeOS Benchmark v1.1.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2016 STIG Benchmark v4.0.0

Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members. Here's a quick overview of the key improvements we've made in this update:

• Removed  all CIS Recommendations
• Added 1 STIG Rule

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark.

Download the CIS Microsoft Windows Server 2016 STIG Benchmark v4.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2022 STIG Benchmark v3.0.0

Our team has devoted significant time and effort to enhance the content of this Benchmark, ensuring it remains relevant and valuable to members. Here's a quick overview of the key improvements we've made in this update:

• Removed  all CIS Recommendations
• Added 2 STIG Rules 

A change log detailing the modifications made is included in the Word Doc and PDF versions of the Benchmark.

Download the CIS Microsoft Windows Server 2022 STIG Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS MongoDB 7 v1.2.0 Benchmark

This Benchmark has been updated and improved to support the most recent version release of MongoDB7. All audits, remediations, and recommendations have been edited and updated to support the most recent version. 

Special thanks to Matt Reagan for his hard work and dedication in making this Benchmark the best it can be.

Download the CIS MongoDB 7 v1.2.0 Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Database 23ai Benchmark v1.1.0 Benchmark

Here are some highlights of the work that was done:

• Updated product versions throughout
• Corrected typos and other errors

A change log detailing the modifications made is included in the Doc and PDF versions of the Benchmark. A huge thank you to the CIS Oracle Database Benchmark Community for making this Benchmark happen. Special thanks to Nelly Chng, Alexander Kornbrust, Russ Lowenthawl, Jay Mehta, and Oracle.

Download the CIS Oracle Database 23ai Benchmark v1.1.0 Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Linux 8 Benchmark v4.0.0

A lot of effort has gone into analyzing and adding content to this Benchmark. Here are some highlights of the work that was done:

• Added:
• 133 Recommendations
• 22 Sections
• Dropped:
• 96 Recommendations
• 18 Sections
• Updated:
• 159 Recommendations
• 18 Sections

Please note: In the interest of simplifying and clarifying the guidance for Host Based Firewalls (HBF), community consensus has decided to update our coverage to include guidance for the most common HBF. We have updated our guidance in the latest Benchmark to cover using FirewallD as the firewall configuration tool. A special thank you to the Linux Community and the Nix team without their hard work, this Benchmark would not have been possible

Download the CIS Oracle Linux 8 Benchmark v4.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0

We are excited to announce the publication of the final update of the CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0. A lot of effort has gone into analyzing and adding content to this Benchmark. Here are some highlights of the work that was done:

• Added
• 132 Recommendations
• 23 Sections
• Dropped
• 97 recommendations
• 18 Sections
• Moved
• 154 Recommendations
• 25 Sections
• Updated
• 190 Recommendations
• 18 sections

Please note: In the interest of simplifying and clarifying the guidance for Host Based Firewalls (HBF), community consensus has decided to update our coverage to include guidance for the most common HBF. We have updated our guidance in the latest Benchmark to cover using FirewallD as the firewall configuration tool. A special thank you to the Linux Community and the Nix team without their hard work, this Benchmark would not have been possible.

Download the CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Rocky Linux 8 Benchmark v3.0.0

A lot of effort has gone into analyzing and updating content to this Benchmark. Here are some highlights of the work that was done:

• Added:
• 154 Recommendations
• 25 Sections
• Dropped:
• 97 recommendations
• 18 Sections
• Updated:
• 190 Recommendations
• 18 sections

Please note: In the interest of simplifying and clarifying the guidance for Host Based Firewalls (HBF), community consensus has decided to update our coverage to include guidance for the most common HBF. We have updated our guidance in the latest Benchmark to cover using FirewallD as the firewall configuration tool. A special thank you to the Linux Community and the Nix team without their hard work, this Benchmark would not have been possible.

Download the CIS Rocky Linux 8 Benchmark v3.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Palo Alto 10 Benchmark v1.3.0

We are pleased to announce that CIS Palo Alto 10 Benchmark v1.3.0 FINAL RELEASE has been published. Thank you to the Palo Alto Networks community for your input without you this would not have been possible. Here is a summary of changes

• Changes to CISCAT content to address false failures
• Addressed several tickets to clarify audit and remediation procedures

A special thanks to Eric Leong for your constant support.

Download the CIS Palo Alto 10 Benchmark v1.3.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.