HomeInsightsBlog PostsCIS Benchmarks June 2024 Update

CIS Benchmarks June 2024 Update

CIS-Benchmarks

The following CIS Benchmarks™ and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated in May

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.5.0

Some items of note for this update:

  • 19 recommendations have been automated
  • 45 recommendations have been edited and enhanced
  • The Benchmark and recommendations have been updated to support Kubernetes v1.30

A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Mark Larinde, Rory McCune, and Tony Wilwerding for making this Benchmark the best it can be.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite® Members can visit CIS WorkBench here to download other formats and related resources.

CIS Google Container-Optimized OS Benchmark v1.2.0

Thank you to all the contributors for their time invested in this updated to the Benchmark. A special thanks go to Michael Kochera and the rest of the Google team for their work on this update.

Download the CIS Google Cloud Computing Platform Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Google Workspace Foundations Benchmark v1.2.0

Some items of note for this update:

  • Added guidance around new features
  • Clarified guidance in regards to user access
  • Removed recommendations that had been deprecated

A huge thank you to the CIS Google Chrome and Google Workspace Communities for making this Benchmark happen.

Download the CIS Google Workspace Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft SQL Server 2019 Benchmark v1.4.0

Some items of note for this update:

  • Added a section for the creation of an audit/scan user
  • Updated and corrected multiple audit procedures to improve accuracy of results

Download the CIS Microsoft SQL Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 10 EMS Gateway Benchmark v3.0.0

Some items of note for this update:

  • Analyzed over 40 new settings and services
  • Added four new security settings
  • Updated 18 settings
  • Removed nine settings
  • Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Desktop Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows 11 Stand-alone Benchmark v3.0.0

Some items of note for this update:

  • Analyzed over 40 new settings and services
  • Added nine new security settings
  • Updated 18 settings
  • Removed 10 settings
  • Renamed one setting
  • Moved, added, and removed sections due to updated ADMX templates

A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.

Download the CIS Microsoft Windows Desktop Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2019 Benchmark v3.0.1

Some items of note for this update:

  • Fixed an artifact issue for one recommendation to be included in CIS-CAT® this month

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.5.0

This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.28, v1.29, and v1.30. Some items of note for this update:

  • 20 recommendations have been automated
  • 43 recommendations have been edited and enhanced
  • The Benchmark and recommendations have been updated to support Kubernetes v1.30

This Benchmark exemplifies what a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS community thanks the entire consensus team, with special recognition to the individuals who contributed greatly to the creation of this guide.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Palo Alto Firewall 10 Benchmark v1.2.0

Some items of note for this update:

  • Addressed 22 tickets
  • Updated AAC for more CIS-CAT coverage

Special thanks go to Eric Leong and the Palo Alto community. Without your hard work, none of this would have been possible.

Download the CIS Palo Alto Networks Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Palo Alto Firewall 11 Benchmark v1.1.0

Some items of note for this update:

  • Addressed 22 tickets
  • Updated AAC for more CIS-CAT coverage

Special thanks go to Eric Leong and the Palo Alto community. Without your hard work, none of this would have been possible.

Download the CIS Palo Alto Networks Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released in May

CIS Apple macOS 12.0 Monterey Cloud-tailored Benchmark v1.0.0

This is the first Benchmark we have released for macOS that offers settings for running macOS 12 Monterey in a cloud environment. Some items of note for this release:

  • This Benchmark mirrors the non-Cloud-tailored CIS Apple macOS 12.0 Monterey Benchmark
  • All macOS configuration profile and GUI based methods have been removed, leaving just the Terminal method of setting each recommendation
  • Recommendations that are not applicable, or would impede working in a cloud environment, have been removed

A huge thanks to the CIS Apple macOS Community for making this happen. A Build Kit for this Benchmark will follow shortly.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS 13.0 Ventura Cloud-tailored Benchmark v1.0.0

This is the first Benchmark we have released for macOS that offers settings for running macOS 13 Ventura in a cloud environment. Some items of note for this release:

  • This Benchmark mirrors the non-Cloud-tailored CIS Apple macOS 13.0 Ventura Benchmark
  • All macOS configuration profile and GUI based methods have been removed, leaving just the Terminal method of setting each recommendation
  • Recommendations that are not applicable, or would impede working in a cloud environment, have been removed

A huge thanks to the CIS Apple macOS Community for making this happen. A Build Kit for this Benchmark will follow shortly.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Cloud-tailored Apple macOS 14 Sonoma Benchmark v1.0.0

This is the first Benchmark we have released for macOS that offers settings for running macOS 14 Sonoma in a cloud environment. Some items of note for this release:

  • This Benchmark mirrors the non-Cloud-tailored CIS Apple macOS 14.0 Sonoma Benchmark
  • All macOS configuration profile and GUI based methods have been removed, leaving just the Terminal method of setting each recommendation
  • Recommendations that are not applicable, or would impede working in a cloud environment, have been removed

A huge thanks to the CIS Apple macOS Community for making this happen. A Build Kit for this Benchmark will follow shortly.

Download the CIS Apple macOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Build Kits Updated in May

CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0

This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Ubuntu 22.04 Linux installation for the Level 2 Server profile, the Build Kit remediates more than 120 default settings that do not comply with the Benchmark guidance. A follow up scan by CIS-CAT Pro assessment returns a PASS result over 88%.

Some items of note for this update:

  • New logging file added to capture all excluded and Not Applicable recommendations
  • Updated the Build Kit naming convention to make it easier for our members to track Build Kit versions

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS SUSE Linux Enterprise 15 Benchmark v1.1.1

This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default SUSE Linux Enterprise 15 installation for the Level 2 Server profile, the Build Kit remediates more than 75 default settings that do not comply with the Benchmark guidance. A follow up scan by CIS-CAT Pro assessment returns a PASS result over 85%.

Some items of note for this update:

  • 26 new scripts for SUSE Linux Enterprise 15
  • Updated scripts for services section

Special thanks go to David Neilson for making this Build Kit happen.

Download the CIS SUSE Linux Enterprise Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

  

 

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

  

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.

   

Related Resources