The following CIS Benchmarks have been updated. We've highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made.
Major changes for the macOS 11.0 Big Sur, 12.0 Monterey, and 13.0 Ventura updates include the following:
Within the associated CIS Build Kits, we have added an option that combines the existing profiles into fewer files to install or upload to an MDM.
Special thanks go out to Ron Colvin, William Harrison, Bob Gendler, and John Mahlman.
Download the CIS Apple macOS Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here, here, and here to download other formats and related resources.
The CIS team has devoted significant time and effort to enhancing the CIS-CAT content for this Benchmark, ensuring it remains relevant and valuable to members.
Here's a look at what we did to produce this updated Benchmark:
Added CIS-CAT coverage for 14 recommendations
A huge thank you to the CIS team for making this happen.
Download the CIS Microsoft IIS Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Here's a quick overview of the key improvements we've made in this update:
A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen.
Download the CIS Microsoft Windows Desktop Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Here is a highlight of the work that was done:
A huge thank you to the CIS pfSense Community for making this happen. Special thanks go to Daniel Brown.
Download the CIS pfSense Firewall Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CVE-2023-36884 covers multiple RCE vulnerabilities that affect Microsoft Windows and Office products. In a security advisory, Microsoft explains that it "is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents."
A patch for CVE-2023-36884 is not available as of this writing. While you wait for a fix, you can implement any of the following CIS Microsoft Windows Workstation/Server Benchmarks to mitigate this vulnerability: Microsoft Windows 10, Windows 11, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.
Our research shows that doing so mitigates CVE-2023-36884. (Microsoft's recommendations in the security advisory above align with what's already present in our CIS Benchmarks and CIS Hardened Images.)
The following security recommendations mitigate the vulnerabilities (recommendations are sourced from the CIS Microsoft Windows 10 Benchmark):
We are approaching a review of our CIS Password Policy guide. If you’re interested in participating or providing feedback, please reach out to [email protected] or join the community and indicate your interest.
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies: