CIS Benchmarks July 2024 Update

CIS-Benchmarks

The following CIS Benchmarks™ have been updated or recently released. We've highlighted the major updates below. Each Benchmark includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

CIS AlmaLinux OS 9 Benchmark v2.0.0

Some items of note for this update:

  • Added:
    • 44 sections
    • 165 recommendations
  •  Dropped:
    • 27 sections
    • 123 recommendations
  •  Updated:
    • 12 sections
    • 15 recommendations

A huge thank you to the 'Nix Team and the Linux community for all their hard work to make this updated Benchmark possible.

Download the CIS AlmaLinux OS Benchmark in PDF.

CIS SecureSuite® Members can visit WorkBench here to download other formats and related resources.

CIS Apple macOS 12.0 Monterey Benchmark v3.1.0

Some items of note for this update:

  • Updated guidance around sleep and hibernate modes
  • Modified guidance on Time Servers
  • Added guidance about device tracking
  • Significant updates to the Safari recommendations

Special thanks go to Ron Colvin, William Harrison, Bob Gendler, Allen Golbig, Dan Brodjieski, and Isaac Ordonez.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS 13.0 Ventura Benchmark v2.1.0

Some items of note for this update:

  • Updated guidance around sleep and hibernate modes
  • Modified guidance on Time Servers
  • Added guidance about device tracking
  • Significant updates to the Safari recommendations

Special thanks go to Ron Colvin, William Harrison, Bob Gendler, Allen Golbig, Dan Brodjieski, and Isaac Ordonez.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS 14.0 Sonoma Benchmark v1.1.0

Some items of note for this update:

  • Updated guidance around sleep and hibernate modes
  • Modified guidance on Time Servers
  • Added guidance about device tracking
  • Significant updates to the Safari recommendations

Special thanks go to Ron Colvin, William Harrison, Bob Gendler, Allen Golbig, Dan Brodjieski, and Isaac Ordonez.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Google Kubernetes Engine (GKE) Benchmark v1.6.0

This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.28, v1.29, and v1.30. Some items of note for this update:

  • 22 recommendations have been automated
  • 43 recommendations have been edited and enhanced
  • The Benchmark and recommendations have been updated to support Kubernetes v1.30

Special thanks go to the Google team, especially Poonam Lamba, Michele Chubirka, Shannon Kularathana, Vinayak Goyal, Andrew Peabody, and Padma Padmalatha.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2019 Stand-alone Benchmark v2.0.0

Some items of note for this update:

  • Added four new security settings
  • Updated 11 settings
  • Removed eight settings
  • Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS NGINX Benchmark v2.1.0

Some items of note for this update:

  • Updated NGINX user privileges script to check for the right user
  • Addressed five tickets

A huge thank you to entire CIS NGINX Community for making this happen.

Download the CIS NGINX Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Linux 9 Benchmark v2.0.0

Some items of note for this update:

  • Addressed 101 tickets
  • Added:
    • 44 sections
    • 165 recommendations
  •  Dropped:
    • 27 sections
    • 123 recommendations
  •  Updated:
    • 12 sections
    • 15 recommendations

A huge thank you to the 'Nix Team and the Linux community for all their hard work to make this updated Benchmark possible.

Download the CIS Oracle Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0

Some items of note for this update:

  • Added:
    • 44 sections
    • 165 recommendations
  •  Dropped:
    • 27 sections
    • 123 recommendations
  •  Updated:
    • 11 sections
    • 14 recommendations

A huge thank you to the 'Nix Team and the Linux community for all their hard work to make this updated Benchmark possible.

Download the CIS Red Hat Enterprise Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat OpenShift Container Platform Benchmark v1.6.0

This Benchmark includes support for the latest release of OpenShift v4.15. Some items of note for this update:

  • The entire Benchmark was edited and improved to support v4.1.5
  • 27 recommendations have been reviewed and improved as needed
  • All automated recommendations have been reviewed and improved to support v4.1.5

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS community thanks the entire consensus team, with a special thanks to Mark Larinde and Lance Bragstad.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Rocky Linux 9 Benchmark v2.0.0

Some items of note for this update:

  • Addressed 101 tickets
  • Added:
    • 44 sections
    • 165 recommendations
  •  Dropped:
    • 27 sections
    • 123 recommendations
  •  Updated:
    • 12 sections
    • 15 recommendations

A huge thank you to the 'Nix Team and the Linux community for all their hard work to make this updated Benchmark possible.

Download the CIS Rocky Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released Last Month

CIS AWS Storage Services Benchmark v1.0.0

We are excited to announce the publication of the new CIS AWS Storage Services Benchmark v1.0.0! Version 1.0.0 of this Benchmark addresses the following five AWS Storage Services:

  • Amazon Elastic Block Store (EBS)
  • Amazon Elastic File System (EFS)
  • Amazon FSx
  • Amazon Simple Storage Service (S3)
  • AWS Elastic Disaster Recovery (EDS)

Many thanks to the AWS Community for making this happen!

Download the CIS Amazon Web Services Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Azure Database Services Benchmark v1.0.0

We are excited to announce the publication of the newest CIS Cloud Service Category Benchmark: CIS Azure Database Services Benchmark v1.0.0! Version 1.0.0 of this Benchmark addresses the following 15 Azure Database Services:

  • Azure Cache for Redis
  • Azure Cosmos DB
  • Azure Data Factory
  • Azure Database for MariaDB
  • Azure Database for MySQL
  • Azure Database for PostgreSQL
  • Azure Database Migration Service
  • Azure SQL
  • Azure SQL Database
  • Azure SQL Edge
  • Azure SQL Managed Instance
  • SQL Server on Azure Virtual Machines
  • Table Storage
  • Azure Managed Instance for Apache Cassandra
  • Azure confidential ledger

Many thanks to the Azure Community for making this happen!

Download the CIS Microsoft Azure Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

Additional CIS Benchmarks Announcements

Are you interested in providing feedback to the Benchmarks Product Team about the prioritization of the Benchmarks recommendations and/or how the Level 1 and Level 2 recommendations are categorized? We’d love to hear from you! Contact [email protected].

 


 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

  

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.