CIS Benchmarks December 2024 Update
The following CIS Benchmarks™ and CIS Build Kit have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.
CIS Benchmarks Updated Last Month
- CIS Cisco IOS XE 17.x Benchmark v2.1.1
- CIS Google Kubernetes Engine (GKE) AutoPilot Benchmark v1.1.0
- CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0
- CIS Microsoft 365 Foundations Benchmark v4.0.0
- CIS Red Hat Enterprise Linux 8 STIG Benchmark v2.0.0
CIS Cisco IOS XE 17.x Benchmark v2.1.1
Some items of note for this update:
- Corrected regex for AAC after Cisco removed default setting from configuration output
- Fixed broken link in references
Thank you to the Cisco community for the hard work. Special thanks go to Raphael Precigout for assisting with his REGEX expertise.
Download the CIS Cisco Benchmark in PDF.
CIS SecureSuite® Members can visit CIS WorkBench here to download other formats and related resources.
CIS Google Kubernetes Engine (GKE) AutoPilot Benchmark v1.1.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.28, v1.29, and v1.30. Some items of note for this update:
- Over 30 recommendations have been added or enhanced
- The AAC has been improved
- The Benchmark and recommendations have been updated to support Kubernetes v1.30
A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Rory McCune and Mark Larinde for their dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.28, v1.29, and v1.30. Some items of note for this update:
- Over 30 recommendations have been added or enhanced
- The AAC has been improved
- The Benchmark and recommendations have been updated to support Kubernetes v1.30
A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Rory McCune and Mark Larinde for their dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft 365 Foundations Benchmark v4.0.0
Some items of note for this update:
- Added 19 new recommendations
- Removed 11 recommendations identified as management controls*
- Updated 24 recommendations
- Updated some of the remaining Azure AD references in the document and inside of URLs
- General spelling and grammar corrections
*Management controls were removed in favor of a focus solely on technical controls that can harden the posture of a tenant through configuration changes. These management controls can still be found in older versions of the Benchmark. The above numbers don't reflect minor changes such as punctuation, grammar, formatting, or changes that would not otherwise change the posture of the recommendation. A changelog made to this Benchmark can be viewed in the change history starting on page 443 near the end of the document.
Download the CIS Microsoft 365 Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Red Hat Enterprise Linux 8 STIG Benchmark v2.0.0
Some items of note for this update:
- Added 398 recommendations
- Dropped 383 recommendations
- Updated 144 recommendations
A special thank you to the Linux Community and the Nix team. Without their hard work, this Benchmark would not have been possible.
Download the CIS Red Hat Enterprise Linux Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
New CIS Benchmark Released Last Month
CIS Microsoft Azure Storage Services Benchmark v1.0.0
Version 1.0.0 of the CIS Microsoft Azure Storage Services Benchmark addresses the following 17 Azure Storage Services:
- Archive Storage
- Azure Managed Lustre
- Azure Backup
- Azure Data Lake Storage
- Azure Data Share
- Azure Files
- Azure Storage Actions
- Azure NetApp Files
- Azure Blob Storage
- Azure Data Box
- Azure Disk Storage
- Azure Confidential Ledger
- Azure Elastic SAN
- Queue Storage
- Storage Accounts
- Storage Explorer
- Azure Container Storage
Many thanks to the Azure Community for making this happen! Special thanks go to Azure Community Editor Rachel Rice for her prolific contributions!
Download the CIS Microsoft Azure Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Build Kit Created Last Month
CIS Debian Linux 12 Benchmark v1.1.0
This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Debian Linux 12 installation for the Level 2 Server profile, the CIS Build Kit remediates more than 130 default settings that do not comply with the Benchmark guidance. A follow up scan by CIS-CAT Pro returns a PASS result over 89%.
Some items of note for this release:
- Several new scripts added to support updated recommendations
- Existing scripts were updated for better execution
Download the CIS Debian Linux Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today!
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.
