HomeInsightsBlog PostsCIS Benchmarks November 2023 Update

CIS Benchmarks November 2023 Update

CIS-Benchmarks

The following CIS Benchmarks have been released or updated. We've highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made.

CIS Benchmarks Updated in October

CIS AlmaLinux OS 8 Benchmark v3.0.0

Some items of note for this update:

  • Addressed 161 tickets
  • Updated 126 recommendations
  • Added 141 recommendations
  • Removed 127 recommendations
  • Updated the PAM section to better leverage authselect
  • Updated the section relating to local user accounts authentication
  • Updated the section for openSSH to better account for include statements and dropin configuration files

Special thanks go to Jonathan Lewis Christopherson, James Trigg, Graham Eames, and Simon John-Eric.

Download the CIS AlmaLinux OS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Azure Kubernetes Service (AKS) Benchmark v1.4.0

This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.25, 1.26, and 1.27. It comes with the following changes:

  • Added or enhanced over 50 recommendations
  • Improved the AAC
  • Updated the Benchmark and recommendations to support Kubernetes v1.27

A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Mark Larinde for his dedication to making this Benchmark the best it can be.

Download the CIS Kubernetes Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Fortigate 7.0.x Benchmark v1.2.0

Some items of note that we incorporated into this update:

  • Enable Limited TLS Versions for SSL VPN
  • Ensure DNS server is configured
  • Ensure "Monitor Interfaces" for High Availability Devices is Enabled

A special thanks to Eric Leong and Daniel Brown.

Download the CIS Fortinet Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS IBM AIX 7.2 Benchmark v1.1.0

Some items of note for this update:

  • Updated 12 recommendations
  • Marked the Benchmark as a terminal release

A huge thank you to our author Michael Felt and key contributors Graham Earms and Anoop Amourya. Without their help, we couldn't have made this happen.

Download the CIS IBM AIX Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS IBM z/OS V2R5 with RACF Benchmark v1.1.0

Special thanks go to Mark Nelson and Anuja Deedwaniya for their work in helping to update this Benchmark.

Download the CIS IBM Z System Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Apple macOS Benchmarks – Three Updated Benchmarks, One New Release

We are excited to announce the following CIS macOS Benchmarks this month:

  • CIS Apple macOS 11.0 Big Sur Benchmark v4.0.0
  • CIS Apple macOS 12.0 Monterey Benchmark v3.0.0
  • CIS Apple macOS 13.0 Ventura Benchmark v2.0.0
  • CIS Apple macOS 14.0 Sonoma Benchmark v1.0.0 – NEW!

Some items of note for this update:

  • Updated guidance for Apple's newest operating system and added new recommendations based on new functionality in macOS 14.0
  • Added recommendations to the Safari sub-section to complete the move from a stand-alone Safari Benchmark to one included inside macOS
  • Added missing functionality that was not auditable in previous versions of the Benchmarks
  • Clarified the password and updated the guidance

Special thanks go to Ron Colvin, William Harrison, Bob Gendler, Allen Golbig, Dan Brodjieski, and Isaac Ordonez.

Download the CIS Apple macOS Benchmarks in PDF.

CIS SecureSuite Members can visit CIS WorkBench here, here, here, and here to download other formats and related resources.

CIS Microsoft 365 Foundations Benchmark v3.0.0

Some items of note for this update:

  • Added 34 recommendations
  • Updated 15 recommendations
  • Removed one recommendation
  • Reorganized the Benchmark according to Admin Centers and created a mapping document

A huge thank you to the CIS Microsoft 365 Community for making this happen. Special thanks go to Brandon Cox, Cody McLees, and Richard Handley. 

Download the CIS Microsoft 365 Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Intune for Windows 10 Benchmark v2.0.0

Some items of note for this update:

  • Removed 10 recommendations
  • Added four new recommendations
  • Updated four recommendations
  • Moved two recommendations.

A huge thank you to the CIS Windows Community and Windows team for making this Benchmark happen.

Download the CIS Microsoft Intune for Windows Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Intune for Windows 11 Benchmark v2.0.0

Some items of note for this update:

  • Removed nine recommendations
  • Added four new recommendations
  • Updated four recommendations
  • Moved two recommendations.

A huge thank you to the CIS Windows Community and Windows team for making this Benchmark happen.

Download the CIS Microsoft Intune for Windows Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2012 (non-R2) Benchmark v3.0.0 – FINAL UPDATE

Some items of note for this update:

  • Removed three recommendations
  • Added four new recommendations
  • Updated three recommendations
  • Moved two recommendations

Thank you to the CIS Windows Community and Windows team for making this Benchmark happen. Special thanks go to Haemish Edgerton.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2012 R2 Benchmark v3.0.0 – FINAL UPDATE

Some items of note for this update:

  • Removed three recommendations
  • Added six new recommendations
  • Updated three recommendations
  • Moved two recommendations

Thank you to the CIS Windows Community and Windows team for making this Benchmark happen. Special thanks go to Haemish Edgerton.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Microsoft Windows Server 2016 STIG Benchmark v2.0.0

Some items of note for this update:

  • Removed five recommendations
  • Added 13 new recommendations
  • Updated seven recommendations
  • Moved two recommendations

A huge thank you to the CIS Windows Community and Windows team for making this Benchmark happen.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

Two Updated CIS MongoDB Benchmarks

These Benchmarks include support for the latest available versions of each of these database platforms.

  • CIS MongoDB 5.0 Benchmark v1.2.0
  • CIS MongoDB 6.0 Benchmark v1.1.0

Some items of note for this update:

  • Added or enhanced over 20 recommendations
  • Added six new automated assessments
  • Improved the AAC

Lots of time and effort goes into creating a new technology release Benchmark. A huge thank you to the CIS MongoDB Community for making these Benchmarks a reality.

Download the CIS MongoDB Benchmarks in PDF.

CIS SecureSuite Members can visit CIS WorkBench here and here to download other formats and related resources.

CIS Oracle Linux 8 Benchmark v3.0.0

Some items of note for this update:

  • Addressed 161 tickets
  • Updated 126 recommendations
  • Added 141 recommendations
  • Removed 127 recommendations
  • Updated the PAM section to better leverage authselect
  • Updated the section relating to local user accounts authentication
  • Updated the section for openSSH to better account for include statements and dropin configuration files

Special thanks go to Jonathan Lewis Christopherson, James Trigg, Graham Eames, and Simon John-Eric.

Download the CIS Oracle Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle MySQL Enterprise Edition 8.0 Benchmark v1.3.0

Some items of note for this update that we fixed:

  • False positives/negatives
  • Errors in queries
  • Inconsistencies between textual guidance and queries

A huge thank you to the entire CIS Oracle MySQL Community for making this happen. Special thanks go to Mike Frank for his contributions to this release.

Download the CIS Oracle MySQL Benchmark in PDF.

CIS SecureSuite Members can CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Red Hat Enterprise Linux 8 Benchmark v3.0.0

Some items of note for this update:

  • Addressed 161 tickets
  • Updated 126 recommendations
  • Added 141 recommendations
  • Removed 127 recommendations
  • Updated the PAM section to better leverage authselect
  • Updated the section relating to local user accounts authentication
  • Updated the section for openSSH to better account for include statements and dropin configuration files

Special thanks go to Jonathan Lewis Christopherson, James Trigg, Graham Eames, and Simon John-Eric.

Download the CIS Red Hat Enterprise Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Rocky Linux 8 Benchmark v2.0.0

Some items of note for this update:

  • Addressed 161 tickets
  • Updated 126 recommendations
  • Added 141 recommendations
  • Removed 127 recommendations
  • Updated the PAM section to better leverage authselect
  • Updated the section relating to local user accounts authentication
  • Updated the section for openSSH to better account for include statements and dropin configuration files

Special thanks go to Jonathan Lewis Christopherson, James Trigg, Graham Eames, and Simon John-Eric.

Download the CIS Rocky Linux Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

New CIS Benchmarks Released in October

New CIS Benchmarks for Apple iOS 17 and iPadOS 17

We are excited to announce the publication of the following Benchmarks and related CIS Build Kits:

  • CIS Apple iOS 17 Benchmark v1.0.0
  • CIS Apple iPadOS 17 Benchmark v1.0.0

Here are some highlights of the work that was done:

  • Updated guidance for both of Apple's new mobile OS platforms
  • Separated iPadOS into its own Benchmark, as the platform adds new iPad-specific functionality
  • Added guidance around features of the new OS
  • Build Kits are configured for both the end-user-owned device and the institutionally-owned device.

A huge thank you to the CIS Apple iOS Community for making these Benchmarks happen. Special thanks go to Pierluigi Falcone and Ron Colvin.

Download the CIS Apple iOS Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here and here to download other formats and related resources.

CIS Cisco IOS XR 7.x Benchmark v1.0.0

A huge thank you to Grant Wilson and Manuel Widmer for making this Benchmark happen.

Download the CIS Cisco Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Oracle MySQL Community 8.0 Benchmark v1.0.0

A huge thank you to the entire CIS Oracle MySQL Community for making this happen. Special thanks go to Mike Frank for his contributions to this release.

Download the CIS Oracle MySQL Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS Snowflake Foundations Benchmark v1.0.0

This Benchmark includes support for the latest available version of the Snowflake at the time of publication.

A huge thank you to the CIS Snowflake Community for making this Benchmark a reality. Special thanks to Snowflake Inc. for their team’s assistance with this Benchmark, especially Iulia Ion, Oleg Mitrofanov, Cameron Tekiyeh, Frantisek Rolinek, Anoosh Saboori, Prasoon Shukla, David Schultz, and Shad Sharma.

Download the CIS Snowflake Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

CIS VMWare ESXi 8.0 Benchmark v1.0.0

This Benchmark includes completely new sections and recommendations that specifically address the unique features and functionality of VMWare v8.0:

  • Added or enhanced over 100 recommendations
  • Improved the AAC
  • Specific hardware, virtual machine, and VMware Tools sections now provide details on how to address specific attack vectors

A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go out to Bob Plankers!

Download the CIS VMware Benchmark in PDF.

CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.

Additional CIS Benchmarks Announcements

Are you interested in providing feedback to the Benchmarks Product team about the prioritization of the Benchmarks recommendations and/or how the Level 1 and Level 2 recommendations are categorized? We’d love to hear from you! Contact [email protected].

   

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

 

   
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.

Related Resources