CIS Benchmarks July 2023 Update

CIS Benchmarks Updated in June

• CIS Amazon Web Services Foundations Benchmark v2.0.0
• CIS Apache HTTP Server 2.4 Benchmark v2.1.0
• CIS Docker Benchmark v1.6.0
• CIS Kubernetes Benchmark v1.7.1
• CIS Microsoft SQL Server 2019 Benchmark v1.3.0
• CIS NGINX Benchmark v2.0.1
• CIS Oracle Database 18c Benchmark v1.1.0
• CIS RedHat OpenShift Container Benchmark v1.4.0
• CIS Ubuntu Linux 20.04 LTS v2.0.1

CIS Amazon Web Services Foundations Benchmark v2.0.0

Here is some of what’s new/changed in this release:

• Reviewed and restructured the monitoring section
• Added three new recommendations
• Expanded wording on multiple networking recommendations
• Update MITRE mappings

Thank you to all in the community that have contributed to the development of this release! Special thanks go to Zan Liffick, Jason Kao, and John Yeo.

Download the CIS Amazon Web Services Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apache HTTP Server 2.4 Benchmark v2.1.0

Here are some highlights of the work that was done:

• Added support and recommendations for two new security header directives
• Addressed and enhanced the audit process for servers hosted behind non-transparent load balancer
• Improved the remediation process to include allowlisting vs limiting

Special thanks to Ruben Duran, Eljakim Schrijvers, Aaron De Los Reyes, and the Apache community for your continued support and assistance in making this Benchmark the best it can be!

Download the CIS Apache HTTP Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Docker Benchmark v1.6.0

Here's an overview of what this updated Benchmark features:

• CIS-CAT assessment capabilities are now included
• Support for Docker versions 20.x – 24.x
• Improved audit and remediation support for docker-specific audit.rules

Special thanks go out to Aaron De Los Reyes and Matthew Reagan. Also, thanks to the community for your continued support and assistance in updating this Benchmark!

Download the CIS Docker Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Kubernetes Benchmark v1.7.1

Here are some highlights of the work that was done to update this Benchmark:

• Bug fixes to remedy CIS-CAT automated checks

Thanks to the community for your continued support and assistance in making this Benchmark the best it can be!

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft SQL Server 2019 Benchmark v1.3.0

Here's what we did as part of the updating process:

• CIS Critical Security Controls (CIS Controls) v8 mapping
• Excluded "use master" in T-SQL scripts when it is not needed
• Added two new audit actions for SQL Server Audit recommendation
• Updated T-SQL scripts
• Updated T-SQL for recommendation 2.11 and resolved automation for CIS-CAT assessment to run without errors
• Added three new Level 2 – Database Engine recommendations in Encryption section

Thanks to the CIS Microsoft SQL Server Community for making this happen. Special thanks go to Steinar Andersen, Rob Kraft, and Sean McCown.

Download the CIS Microsoft SQL Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS NGINX Benchmark v2.0.1

We republished CIS NGINX Benchmark v2.0.0 as v2.0.1 to address a bug within the CIS-CAT content. A CIS-CAT scan failed during an NGINX assessment due to an error in the artifact for recommendation 2.5.4. The issue has been resolved after fixing the artifact for this recommendation.

Download the CIS NGINX Benchmark in PDF.

Visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Database 18c Benchmark v1.1.0

Highlights of this updated Benchmark include:

• Revised audit and remediation procedures for eight recommendations
• Added a recommendation to ensure data in transit is encrypted

Thank you to the community whose contributions are invaluable to our consensus process. Special thanks to Jay Mehta, Nelly Chng, and Emad Al-Mousa.

Download the CIS Oracle Database Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS RedHat OpenShift Container Benchmark v1.4.0

Here are some highlights of this updated Benchmark:

• Improvements to over 30 audit processes
• Support for RedHat OpenShift versions 4.6-4.13
• The addition of 10 new recommendations and one new section

Thanks to the community and the entire RedHat OpenShift team for your continued support and assistance in making this Benchmark the best it can be! Special thanks go out to Kirsten Newcomer, Lance Bragstad, and Jacob Hrozek.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Ubuntu Linux 20.04 LTS v2.0.1

This new version includes a bug fix that addresses the "Unknown" results to some recommendations while running CIS-CAT.

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released in June

• CIS Amazon Linux 2023 Benchmark v1.0.0
• CIS Microsoft Exchange Server 2019 Benchmark v1.0.0

CIS Amazon Linux 2023 Benchmark v1.0.0

A lot of effort has gone into analyzing and creating this Benchmark to cover the new Amazon Linux 2023 release.

A huge thank you to the CIS Linux Community for making this happen. Special thanks go to Jon Christopherson, Graham Eames, Beni Williamson, Simon John, and Tamas Tevesz.

Download the CIS Amazon Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Exchange Server 2019 Benchmark v1.0.0

This Benchmark includes security recommendations that cover the 2019 release of Microsoft Exchange Server.

A huge thank you to the CIS Exchange Community for making this happen. Special thanks go to Todd Curley, Ryan Elder, Niven Sawmynaden, and Andre Zufferey.

Download the CIS Microsoft Exchange Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

  

 

---

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

• Amazon Aurora: Reach out to [email protected]
• Apache Cassandra
• Check Point Firewall
• Cisco (preferred focus on NX-OS, ACI, ASA, iOS, Meraki, Firepower)
• Google Android
• F5 Networks
• Juniper Networks (preferred focus on Junos OS)
• Microsoft SQL Server
• Palo Alto Networks
• PostgreSQL
• VMware (preferred with EXSi expertise)

 

   
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.