CIS Benchmarks June 2023 Update

The following CIS Benchmarks have been updated or released. We've highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made.

Palo Alto Firewall Benchmarks Released in May

We are excited to announce the publication of the following:

• Final Update to CIS Palo Alto Firewall 9 Benchmark v1.1.0
• Updates to CIS Palo Alto Firewall 10 Benchmark v1.1.0
• New CIS Palo Alto Firewall 11 Benchmark v1.0.0

Our team has devoted significant time and effort to enhancing the content of these Benchmarks, ensuring they remain relevant and valuable to members.

Here’s a quick overview of the key improvements we made in these updates:

• Added seven new settings in Palo Alto 10
• Removed outdated wildfire settings
• Updated and expanded automated assessment capabilities for CIS-CAT scanning

A huge thank you to the CIS Palo Alto community for making these Benchmarks happen. Special thanks go to Eric Leong.

Download the CIS Palo Alto Networks Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here, here, and here to download other formats and related resources.

Other CIS Benchmarks Updated in May

• CIS Microsoft Windows 10 Standalone Benchmark v2.0.0
• CIS Microsoft Windows 11 Standalone Benchmark v2.0.0
• CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.3.0
• CIS Amazon Kubernetes Service (EKS) Benchmark v1.3.0
• CIS Debian Linux 10 Benchmark v2.0.0
• CIS Ubuntu Linux 20.04 LTS Benchmark v2.0.0

CIS Microsoft Windows 10 Standalone Benchmark v2.0.0

Here are some highlights of the work that was done:

• Removed one recommendation
• Added 23 new recommendations
• Updated three recommendations

A huge thank you to the CIS Windows Community and Windows Team for making this happen. Special thanks go to Haemish Edgerton.

Download the CIS Microsoft Windows Desktop Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 11 Stand-alone Benchmark v2.0.0

Here's an overview of what we did to produce this Benchmark:

• Removed one recommendation
• Added 29 new recommendations
• Updated six recommendations

A huge thank you to the CIS Windows Community and Windows Team for making this happen. Special thanks go out to Haemish Edgerton, Hardeep Mehrotara, and Kevin Zhang!

Download the CIS Microsoft Windows Desktop Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.3.0

Here's what we did to update this Benchmark

• Support for Kubernetes v1.24, 1.25 and 1.26 included
• Added best practice guidance for rotating certificates
• Replaced deprecated and out-of-date guidance for Pod Security Policies

A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Mark Larinde.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Amazon Kubernetes Service (EKS) Benchmark v1.3.0

Here's an overview of what we changed in this Benchmark:

• Added improved audit and remediation guidance to seven recommendations
• Edited section 4.5 Admission controls
• Replaced and deprecated and out-of-date guidance for Pod Security Policies

A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Daniel Burns, Joe Bowbeer, and Rory McCune.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Debian Linux 10 Benchmark v2.0.0

Here's a summary of what we did to produce this update:

• 114 new recommendations
• 64 deleted recommendations
• 140 updated recommendations

A huge thank you to the CIS Linux Community for making this happen. Special thanks go to Jon Christopherson, Graham Eames, James Trigg, Simon John, and Tamas Tevesz.

Download the CIS Debian Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Ubuntu Linux 20.04 LTS Benchmark v2.0.0

Here's an overview of what we included in this Benchmark:

• 114 new recommendations
• 64 deleted recommendations
• 140 updated recommendations

A huge thank you to the CIS Linux Community for making this happen. Special thanks go to Jon Christopherson, Graham Eames, James Trigg, Simon John, and Tamas Tevesz.

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

 

 

---

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

• Apache Cassandra
• Check Point Firewall
• Cisco (preferred focus on NX-OS, ACI, ASA, iOS, Meraki, Firepower)
• Fortinet (preferred focus on FortiGate)
• F5 Networks
• Juniper Networks (preferred focus on Junos OS)
• Microsoft SQL Server
• PostgreSQL
• VMware (preferred with EXSI expertise)
• Contact [email protected] if interested in participating for:
  • AWS and/or Azure services
  • Flatcar Container Linux
  • SUSE Linux Enterprise SAP Server

   
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.