CIS Benchmarks May 2024 Update
The following CIS Benchmarks™ and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.
CIS Benchmarks Updated in April
- CIS Apple iOS 17 Benchmark v1.1.0
- CIS Apple iPadOS 17 Benchmark v1.1.0
- CIS Azure Kubernetes Service (AKS) Benchmark v1.5.0
- CIS Cisco ASA 9.x Benchmark v1.1.0 — Final Update
- CIS Fortigate 7.0.x Benchmark v1.3.0
- CIS Microsoft 365 Foundations Benchmark v3.1.0
- CIS Microsoft Windows 10 Stand-alone Benchmark v3.0.0
- CIS Microsoft Windows Server 2016 Benchmark v3.0.0
CIS Apple iOS 17 Benchmark v1.1.0
Some items of note for this update:
- Updated guidance based on feedback
- Added guidance around the Stolen Device Protection feature
A huge thank you to the CIS Apple iOS Community for making this Benchmark happen. Special thanks go to Pierluigi Falcone and Ron Colvin.
Download the CIS Apple iOS Benchmark in PDF.
CIS SecureSuite® Members can visit CIS WorkBench here to download other formats and related resources.
CIS Apple iPadOS 17 Benchmark v1.1.0
Some items of note for this update:
- Updated guidance based on feedback
- Added guidance around the Stolen Device Protection feature
A huge thank you to the CIS Apple iOS Community for making this Benchmark happen. Special thanks go to Pierluigi Falcone and Ron Colvin.
Download the CIS Apple iOS Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Azure Kubernetes Service (AKS) Benchmark v1.5.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.27, v1.28, and v1.29. Some items of note for this update:
- Over 20 recommendations have been automated
- Over 60 recommendations have been edited and enhanced
- The Benchmark and recommendations have been updated to support Kubernetes v1.29
A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Mark Larinde for his dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Cisco ASA 9.x Benchmark v1.1.0 — Final Update
Some items of note for this final update:
- Addressed updated commands to reflect the proper method for audit and remediation
- Removed RIP and RIPv2 recommendations
- Addressed 12 tickets
- Cisco put the ASA platform on End of Support in December 2023. They will be moving forward with a Firepower-based firewall.
Special thanks go to the Cisco community, without whom none of this would be possible.
Download the CIS Cisco Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Fortigate 7.0.x Benchmark v1.3.0
Some items of note for this update:
- Addressed updated commands to reflect the proper method for audit and remediation
- Addressed 56 tickets
Special thanks to Eric Leong and the Fortinet community, without both of whom none of this would be possible.
Download the CIS Fortinet Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft 365 Foundations Benchmark v3.1.0
Some items of note for this update:
- Added four new recommendations
- Updated 31 recommendations
- Changed references from Azure, AAD, etc. to Entra, Entra ID Protection, and Entra ID
- General spelling and grammar corrections
A huge thank you to the CIS Microsoft 365 Community for making this happen. Special thanks go to Brandon Cox, Cody McLees, and Richard Handley.
Download the CIS Microsoft 365 Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft Windows 10 Stand-alone Benchmark v3.0.0
Some items of note for this update:
- Analyzed over 40 new settings and services
- Added four new security settings
- Updated 18 settings
- Removed nine settings
- Moved, added, and removed sections due to updated ADMX templates
A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.
Download the CIS Microsoft Windows Desktop Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Microsoft Windows Server 2016 Benchmark v3.0.0
Some items of note for this update:
- Analyzed over 40 new settings and services
- Added seven new security settings
- Updated 17 settings
- Removed nine settings
- Moved, added, and removed sections due to updated ADMX templates
A huge thank you to the CIS Windows Community and Windows Team for making this Benchmark happen. Special thanks go to Haemish Edgerton and Aaron Margosis.
Download the CIS Microsoft Windows Server Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Build Kits Updated in April
- CIS Debian Linux 11 Benchmark v2.0.0
- CIS Microsoft Windows 10 Stand-alone Benchmark v3.0.0
- CIS Microsoft Windows Server 2016 Benchmark v3.0.0
CIS Debian Linux 11 Benchmark v2.0.0
This CIS Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Debian Linux 11 installation for the Level 2 Server profile, the Build Kit remediates more than 120 default settings that do not comply with the Benchmark guidance. A follow-up scan by CIS-CAT® Pro Assessor returns a PASS result of over 90%.
Some items of note for this update:
- New scripts for the PAM section
- New scripts for firewall recommendations
- Updated the Build Kit naming convention to make it easier for our members to track Build Kit versions
Download the CIS Debian Linux Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.
