CIS Benchmarks April 2024 Update

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated in March

• CIS Cisco IOS XE 16.x Benchmark v2.1.0
• CIS Cisco IOS XE 17.x Benchmark v2.1.0
• CIS Debian Linux 11 Benchmark v2.0.0
• CIS Google Cloud Platform Foundation Benchmark v3.0.0
• CIS MariaDB 10.6 Benchmark v1.1.0
• CIS Microsoft SQL Server 2022 Benchmark v1.1.0
• CIS Microsoft Windows Server 2019 Benchmark v3.0.0
• CIS Microsoft Windows Server 2022 Benchmark v3.0.0
• CIS PostgreSQL 13 Benchmark v1.2.0
• CIS PostgreSQL 14 Benchmark v1.2.0
• CIS Ubuntu Linux 18.04 LTS Benchmark v2.2.0 — Final Release
• CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0
• CIS VMware ESXi 6.7 Benchmark v1.4.0 — Final Release
• CIS VMware ESXi 7.0 Benchmark v1.4.0
• CIS VMware ESXi 8.0 Benchmark v1.1.0

CIS Cisco IOS XE 16.x Benchmark v2.1.0

Some items of note for this update:

• Added 15+ artifacts to be used on CIS-CAT Pro

A huge thank you goes out to the Cisco Community for making this release happen.

Download the CIS Cisco Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Cisco IOS XE 17.x Benchmark v2.1.0

Some items of note for this update:

• Added 15+ artifacts to be used on CIS-CAT Pro

A huge thank you goes out to the Cisco Community for making this release happen.

Download the CIS Cisco Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Debian Linux 11 Benchmark v2.0.0

Some items of note for this update:

• Added 184 new sections and recommendations
• Dropped 149 sections and recommendations
• Moved 183 sections and recommendations
• Updated 150 sections and recommendations

A huge thank you to the CIS Linux Community and Nix Team for making this Benchmark happen.

Download the CIS Debian Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Google Cloud Platform Foundation Benchmark v3.0.0

Thank you to all of the editors that helped complete this process. Special thanks go to Krishna Rayavaram, Zan Liffick, and Rahul Pareek for the extra time they contributed.

Download the CIS Google Cloud Computing Platform Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS MariaDB 10.6 Benchmark v1.1.0

Some items of note for this update:

• Updated four recommendations
• Addressed six tickets

A huge thank you to CIS MariaDB Community for making this happen. Special thanks go to Greg MacLean.

Download the CIS MariaDB Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Microsoft SQL Server 2022 Benchmark v1.1.0

Some items of note for this update:

• Added two new Level 1 recommendations in Authentication and Authorization section (3.12, 3.13)
• Added two new Level 2 recommendations in Encryption section (7.4, 7.5)
• Added an appendix for Establishing an Audit/Scan User (section 9)
• Updated T-SQL and Artifacts for four recommendations (2.11, 3.3, 5.4, 7.3)
• Added two new audit actions for SQL Server Audit recommendation (5.4)
• Addressed 20 tickets

A huge thank you to the CIS Microsoft SQL Server Community for making this happen. Special thanks go to Steinar Andersen, Rob Kraft, and Sean McCown.

Download the CIS Microsoft SQL Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Microsoft Windows Server 2019 Benchmark v3.0.0

Some items of note for this update:

• Analyzed over 40 new settings and services
• Added 15 new security settings
• Updated 15 settings
• Removed 14 settings
• Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2022 Benchmark v3.0.0

Some items of note for this update:

• Analyzed over 40 new settings and services
• Added 15 new security settings
• Updated 15 settings
• Removed 14 settings
• Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS PostgreSQL 13 Benchmark v1.2.0

This release addresses several issues identified in the prior release of the CIS PostgreSQL 13 Benchmark. Some items of note for this update:

• Added recommendations for interactive login and account lockout
• Added four connection and login recommendations, including limits, passwords specified via command line, and password complexity
• Added recommendations for weak SSL/TLS ciphers and protocols
• Revised several audit and remediation procedures to fix typos, improve procedures, reflect changes to PostgreSQL, and resolve tickets

A huge thank you to entire CIS PostgreSQL Community for making this happen. Special thanks go to Doug Hunley and Crunchy Data for their contributions to this release. 

Download the CIS PostgreSQL Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS PostgreSQL 14 Benchmark v1.2.0

This release addresses several issues identified in the prior release of the CIS PostgreSQL 14 Benchmark. Some items of note for this update: 

• Added recommendations for interactive login and account lockout
• Added four connection and login recommendations, including limits, passwords specified via command line, and password complexity
• Added recommendations for weak SSL/TLS ciphers and protocols
• Revised several audit and remediation procedures to fix typos, improve procedures, reflect changes to PostgreSQL, and resolve tickets

A huge thank you to entire CIS PostgreSQL Community for making this happen. Special thanks go to Doug Hunley and Crunchy Data for their contributions to this release. 

Download the CIS PostgreSQL Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Ubuntu Linux 18.04 LTS Benchmark v2.2.0 — Final Release

Some items of note for this final release:

• Addressed 23 tickets
• Added 151 new recommendations
• Dropped 98 recommendations
• Updated 152 recommendations

Special thanks to the Linux community, without which none of this would be possible.

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0

Some items of note for this update:

• Added 184 new recommendations
• Dropped 150 recommendations
• Moved 183 recommendations
• Updated 151 sections and recommendations

A huge thank you to the CIS Linux Community and Nix Team for making this Benchmark happen.

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS VMware ESXi 6.7 Benchmark v1.4.0 — Final Release

Some items of note for this final release:

• Updated and added numerous audit procedures
• Updated recommendations to reflect new or changed default settings
• Resolved false positives and all other open bugs reported

A huge thank you to the CIS VMware Community for making this Benchmark happen. Special thanks go to Robert Plankers at VMWare, Greg Carpenter, Matthew Reagan, and Tony Wilwerding.

Download the CIS VMware Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS VMware ESXi 7.0 Benchmark v1.4.0

Some items of note for this update:

• Updated and added numerous audit procedures
• Updated recommendations to reflect new or changed default settings
• Resolved false positives and all other open bugs reported

A huge thank you to the CIS VMware Community for making this Benchmark happen. Special thanks go to Robert Plankers at VMWare, Greg Carpenter, Matthew Reagan, and Tony Wilwerding.

Download the CIS VMware Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS VMware ESXi 8.0 Benchmark v1.1.0

Some items of note for this update:

• Updated and added numerous audit procedures
• Updated recommendations to reflect new or changed default settings
• Resolved false positives and all other open bugs reported

A huge thank you to the CIS VMware Community for making this Benchmark happen. Special thanks go to Robert Plankers at VMWare, Greg Carpenter, Matthew Reagan, and Tony Wilwerding.

Download the CIS VMware Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Benchmarks Released in March

• CIS GitLab Benchmark v1.0.0
• CIS Google Chrome Browser Cloud Management Benchmark v1.0.0
• CIS MariaDB 10.11 Benchmark v1.0.0

CIS GitLab Benchmark v1.0.0

This document provides prescriptive guidance for establishing a secure configuration posture for securing the software supply chain and addresses the GitLab platform specifically. It exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration.

The CIS Community thanks the entire consensus team, with special recognition to the following individuals: Ayoub Fandi at GitLab, Sara Meadzinger at GitLab, Greg Myers at GitLab, and Nick Malcolm at GitLab.

Download the CIS GitLab Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Google Chrome Browser Cloud Management Benchmark v1.0.0

This is the first Benchmark we have released for Google Chrome that offers settings through Google Chrome Browser Cloud Management. Some items of note for this new release: 

• Recommendations have been updated to reflect the proper path in Google Workspace
• Recommendation titles have been updated to the naming within Google Workspace
• Maintains all settings recommended in the Google Chrome GPO Benchmark v3.0.0

A huge thanks to the CIS Google Chrome Community for making this happen.

Download the CIS Google Chrome Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS MariaDB 10.11 Benchmark v1.0.0

Some items of note for this new release:

• Added one new recommendation
• Updated four recommendations
• Addressed seven tickets

A huge thank you to CIS MariaDB Community for making this happen. Special thanks go to Greg MacLean.

Download the CIS MariaDB Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

 

---

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

• Amazon Aurora: Reach out to [email protected]
• Apache Cassandra
• Check Point Firewall
• Cisco (preferred focus on NX-OS, ACI, ASA, iOS, Meraki, Firepower)
• Google Android
• F5 Networks
• Juniper Networks (preferred focus on Junos OS)
• Microsoft SQL Server
• Palo Alto Networks
• PostgreSQL
• VMware (preferred with EXSi expertise)

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.