CIS Benchmarks April 2025 Update

The following CIS Benchmarks^® have been updated or recently released. We've highlighted the major updates below. Each Benchmark and includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

• CIS Amazon Web Services Foundations Benchmark v5.0.0
• CIS Apple macOS 12.0 Monterey Cloud-tailored Benchmark v1.1.0 — FINAL
• CIS Apple macOS 15.0 Sequoia Cloud-tailored Benchmark v1.1.0
• CIS Cisco NX-OS Benchmark v1.2.0
• CIS Kubernetes Benchmark v1.11.0
• CIS Microsoft Azure Foundations Benchmark v4.0.0
• CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0
• CIS Ubuntu Linux 20.04 LTS Benchmark v3.0.0
• CIS VMware ESXi 8.0 Benchmark v1.2.0

CIS Amazon Web Services Foundations Benchmark v5.0.0

We highly value the expertise and insights of our Community, and your feedback will play a crucial role in refining and ensuring that future updates meet the rigorous needs and expectations of Amazon Web Services (AWS) users worldwide. Your contributions will help us maintain the highest standards of best practices and strengthen the security posture of AWS implementations. We invite you to review, provide feedback, and help shape this critical Benchmark going forward.

Download the CIS Amazon Web Services Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS 12.0 Monterey Cloud-tailored Benchmark v1.1.0 — FINAL

Some items of note for this final update for Apple macOS 12 Monterey:

• Added missing functionality that was not auditable in previous versions of the Benchmark
• Removed recommendations that were not needed in a non-local environment
• Updated all Terminal commands to reflect the shell change from bash to zsh
• Modified recommendations to reflect Community tickets

A huge thanks to the CIS Apple macOS Community for making this happen. This is also the first and only release for the macOS 12.0 Monterey Cloud-tailored Benchmark to have a complete CIS Build Kit using scripting.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS 15.0 Sequoia Cloud-tailored Benchmark v1.1.0

Some items of note for this update:

• Updated guidance for Apple's newest operating system and added new recommendations based on new functionality in Apple macOS 15.0
• Added missing functionality that was not auditable in previous versions of the Benchmark

A huge thanks to the CIS Apple macOS Community for making this happen. There will be a complete CIS Build Kit using scripting.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Cisco NX-OS Benchmark v1.2.0

Some items of note for this update:

• Automated content for CIS-CAT^® use
• Added one recommendation
• Completed three tickets to correct issues

A huge thanks to the CIS Cisco Community for making this Benchmark happen.

Download the CIS Cisco Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Kubernetes Benchmark v1.11.0

Some items of note for this update:

• Added automated assessment content (AAC) and support for Kubernetes v1.31 and v1.32
• Updated audit and remediation procedures for 21 recommendations

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. This CIS Community thanks the entire consensus team. Special recognition goes to Rory McCune, Joe Bowbeer, and Matt Reagan!

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Azure Foundations Benchmark v4.0.0

Some items of note for this update:

• Aligned main sections with service category names (defined by the Azure Product Directory) to help with logical organization and to direct readers to associated CIS Service Category Benchmarks
• Moved 92 non-”Foundational” recommendations (specific to instances of services, not broadly implemented at the tenant or subscription level) to the associated CIS Service Benchmarks:
  • Moved most (29 of 30) compute recommendations to the CIS Microsoft Azure Compute Services Benchmark
  • Moved all (28 of 28) database recommendations to the CIS Microsoft Azure Database Services Benchmark
  • Moved most (35 of 56) storage recommendations to the CIS Microsoft Azure Storage Services Benchmark
• Added 20 recommendations
• Updated 31 recommendations
• Removed six recommendations
• Addressed 110 tickets

Download the CIS Microsoft Azure Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0

Some items of note for this update:

• Analyzed over 90 new settings and services
• Added 43 new security settings
• Updated 13 settings
• Removed 12 settings
• Renamed three settings
• Moved one setting
• Moved, added, and removed sections due to updated ADMX templates
• Addressed over 200 other tickets in the Community

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Ubuntu Linux 20.04 LTS Benchmark v3.0.0

Some items of note for this update:

• Added 177 recommendations
• Added 43 sections
• Dropped 149 recommendations
• Dropped 27 sections
• Moved 134 recommendations
• Moved 28 sections
• Updated 136 recommendations
• Updated 22 sections

A special thank you to the CIS Linux Community and the Nix team. Without their hard work, this Benchmark would not have been possible.

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS VMware ESXi 8.0 Benchmark v1.2.0

Some items of note for this update:

• Audited and remediated this Benchmark against the latest version of VMware ESXi 8.0
• Updated 18 recommendations

A huge thank you to the CIS VMware Community for making this Benchmark happen. Special thanks go to Robert Plankers, Greg Carpenter, Matthew Reagan, and Tony Wilwerding.

Download the CIS VMware Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released Last Month

• CIS Microsoft Windows Server 2025 Benchmark v1.0.0
• CIS Oracle Database 23ai Benchmark v1.0.0

CIS Microsoft Windows Server 2025 Benchmark v1.0.0

Some items of note for this release:

• Analyzed over 90 new settings and services
• Addressed over 200 other tickets in the Community

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Database 23ai Benchmark v1.0.0

This release represents a significant overhaul of the Benchmark to reflect changes in Oracle Database 23ai as well as new insights and guidance.

A huge thank you to the CIS Oracle Database Community for making this happen! Special thanks go to the Oracle Database Security team as well as to Tim Boles, Nelly Chng, Alexander Kornbrust, Russ Lowenthal, and Jay Mehta.

Download the CIS Oracle Database Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

---

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.