CIS Benchmarks Update November 2025

 

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

• CIS Palo Alto Firewall 11 Benchmark v1.2.0
• CIS Oracle MySQL 8.0 Enterprise Benchmark v1.5.0
• CIS Oracle MySQL 8.0 Community Server Benchmark v1.2.0
• CIS Microsoft Azure Foundations Benchmark v5.0.0
• CIS Google Android Benchmark v1.6.0
• CIS Microsoft Edge Benchmark v4.0.0
• CIS IBM Db2 11 Benchmark v1.2.0

CIS Palo Alto Firewall 11 Benchmark v1.2.0 Released

This update strengthens automated compliance and audit readiness:

• Resolved 4 community-submitted tickets
• Refined CISCAT-compatible automated content

Thanks to the Palo Alto Community for your continued engagement and technical insights.

Download the CIS Palo Alto Firewall 11 Benchmark v1.2.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle MySQL 8.0 Enterprise Edition Benchmark v1.5.0

This release improves cryptographic and account security guidance:

• Corrected 11 documented issues
• Backported FIPS 140-2 Open_SSL cryptography recommendation
• Enforced password policy for all MySQL accounts

Special thanks to Mike Frank and Oracle, and to the CIS Oracle MySQL Benchmark Community for your precision and dedication.

Download the CIS Oracle MySQL 8.0 Enterprise Edition Benchmark v1.5.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle MySQL 8.0 Community Server Benchmark v1.2.0

Enhancements include:

• Addressed 11 tickets
• Added FIPS 140-2 Open_SSL cryptography guidance
• Backported password enforcement recommendation
• Corrected versioning in changelog

Thanks to Mike Frank, Oracle, and the CIS Community for your ongoing support.

Download the CIS Oracle MySQL 8.0 Community Server Benchmark v1.2.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Azure Foundations Benchmark v5.0.0

A major update reflecting evolving cloud security practices:

• 22 new recommendations
• 58 updated recommendations
• 1 deprecated recommendation removed
• 110 tickets resolved
• Retired “Common Reference Recommendations” section

Deep gratitude to Rachel Rice for her prolific contributions and to the entire Azure Community for driving this release forward.

Download the CIS Microsoft Azure Foundations Benchmark v5.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Google Android Benchmark v1.6.0

This version aligns mobile security guidance across platforms:

• Harmonized with CIS Apple iOS Benchmark
• Added recommendations from community input

Special thanks to Randie Bejar and the CIS Android Community for your commitment to mobile security excellence.

Download the CIS Google Android Benchmark v1.6.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Edge Benchmark v4.0.0

Browser hardening updates include:

• 7 new ADMX-based security settings
• 8 updated settings
• 9 removed settings
• Section restructuring based on ADMX template changes

Thanks to Haemish Edgerton, William Ferguson, Joe Goerlich, Daniel Jasiak, Aaron Margosis, and the CIS Windows Browser Community for your detailed technical contributions.

Download the CIS Microsoft Edge Benchmark v4.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS IBM Db2 11 Benchmark v1.2.0

This release improves clarity and auditability:

• Resolved 11 tickets
• Enhanced descriptions, rationale, and remediation steps

Special thanks to Greg Stager and the CIS Db2 Benchmark Community for your thoughtful refinements.

Download the CIS IBM Db2 11 Benchmark v1.2.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released Last Month

• CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1
• CIS IBM z/OS with RACF Benchmark v1.0.0
• CIS Microsoft Windows Server 2025 Stand-alone Benchmark v1.0.0
• CIS Rocky Linux 10 Benchmark v1.0.0
• CIS AlmaLinux OS 10 Benchmark v1.0.0
• CIS Apple iOS and iPadOS 18 for Intune Benchmark v1.0.0
• CIS FortiGate 7.4.x Benchmark v1.0.0

CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1

This bug fix release for the new technology version includes:

• Updated 21 recommendations

A huge thank you to the CIS Team NIX for making this Benchmark happen.

Download the CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS IBM z/OS with RACF Benchmark v1.0.0

This updated Benchmark reflects extensive analysis and content refinement.

Special thanks to Daniel Burk and Mark Nelson – your hard work made this Benchmark possible.

Download the CIS IBM z/OS with RACF Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2025 Stand-alone Benchmark v1.0.0

This new Benchmark delivers enhanced guidance for securing Windows Server 2025 environments.

Thanks to the CIS Windows Community and Windows Team for your dedicated efforts. Special thanks to Haemish Edgerton and Aaron Margosis for your expert contributions.

Download the CIS Microsoft Windows Server 2025 Stand-alone Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Rocky Linux 10 Benchmark v1.0.0

This new technology version provides foundational security recommendations for Rocky Linux 10.

A huge thank you to the CIS Team NIX for making this Benchmark happen.

Download the CIS Rocky Linux 10 Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS AlmaLinux OS 10 Benchmark v1.0.0

This new technology version introduces secure configuration guidance for AlmaLinux OS 10.

A huge thank you to the CIS Team NIX for making this Benchmark happen.

Download the CIS AlmaLinux OS 10 Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple iOS and iPadOS 18 for Intune Benchmark v1.0.0

Major milestones for this release:

• Updated guidance to mirror the existing CIS Apple iOS and iPadOS Benchmark
• Added recommendations based on community input

A huge thanks to Lewis Hardy, author of the Benchmark, for leading this effort.

Download the CIS Apple iOS and iPadOS 18 for Intune Benchmark v1.0.0 in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS FortiGate 7.4.x Benchmark v1.0.0

This release reflects extensive collaboration and technical drafting.

Special thanks to Eric Leong, Tim Smith, and Peter Tomis, and to the Fortinet community for your support.

CIS SecureSuite Members can visit CIS WorkBench here to download PDF and other formats and related resources.

CIS Build Kits Created Last Month

• CIS Rocky Linux 10 Benchmark v1.0.0
• CIS Microsoft Windows Server 2025 Stand-alone Benchmark v1.0.0
• CIS Oracle Linux OS 10 Benchmark v1.0.0
• CIS AlmaLinux OS 10 Benchmark v1.0.0
• CIS Microsoft Edge Benchmark v4.0.0
• CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1

---

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!

We're looking for contributors for the following technologies:

• PostgreSQL
• IBM DB2
• Oracle MySQL
• Microsoft Windows

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.