CIS Benchmarks September 2024 Update

The following CIS Benchmarks™ and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and Build Kit includes a full changelog that references all changes.

CIS Benchmarks Updated Last Month

• CIS Apache Cassandra 3.11 Benchmark v1.2.0 — FINAL UPDATE
• CIS Apache Cassandra 4.0 Benchmark v1.1.0
• CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0

CIS Apache Cassandra 3.11 Benchmark v1.2.0 — FINAL UPDATE

This is the final release of the CIS Benchmark for CIS Apache Cassandra 3.11. We encourage you to migrate to a more recent, supported version of this technology.

Some items of note for this update:

• This Benchmark includes support for Apache Cassandra 3.11.17
• All recommendations have been reviewed, tested, and validated to support v3.11.17

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS Community thanks the entire consensus team, with special recognition to Joseph Testa, Tony Wilwerding, and Chriag Shah.

Download the CIS Apache Cassandra Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Apache Cassandra 4.0 Benchmark v1.1.0

Some items of note for this update:

• This Benchmark includes support for Apache Cassandra 4.0.13
• All recommendations have been reviewed, tested, and validated to support v4.0.13

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS Community thanks the entire consensus team, with special recognition to Joseph Testa, Tony Wilwerding, and Chriag Shah.

Download the CIS Apache Cassandra Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0

Some items of note for this update:

• Added 12 settings
• Updated 30+ settings
• Removed 10 settings

A huge thank you to the CIS Microsoft Web Browser Community for making this Benchmark happen.

Download the CIS Microsoft Windows Server Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

New CIS Benchmarks Released Last Month

• CIS Apache Cassandra 4.1 Benchmark v1.0.0
• CIS Apache Tomcat 10.1 Benchmark v1.0.0
• CIS FreeBSD 14 Benchmark v1.0.0
• CIS Google ChromeOS Benchmark v1.0.0
• CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0

CIS Apache Cassandra 4.1 Benchmark v1.0.0

Some items of note for this update:

• This Benchmark includes support for Apache Cassandra 4.1.6
• All recommendations have been reviewed, tested, and validated to support v4.1.6

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS Community thanks the entire consensus team, with special recognition to Joseph Testa, Tony Wilwerding, and Chriag Shah.

Download the CIS Apache Cassandra Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Apache Tomcat 10.1 Benchmark v1.0.0

Some items of note for this update:

• The Benchmark is the first version that supports Apache Tomcat 10.1
• All automated recommendations have been reviewed, tested, and validated to support 10.1

This Benchmark exemplifies the great things a community of users, vendors, and subject matter experts can accomplish through consensus collaboration. The CIS Community thanks the entire consensus team, with special recognition to Matt Reagan, Tony Wilwerding, Joern Krueger, and James Scott.

Download the CIS Apache Tomcat Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS FreeBSD 14 Benchmark v1.0.0

This Benchmark was developed and tested against FreeBSD version 14.

A huge thank you to the CIS FreeBSD Community for making this Benchmark happen. Special thanks go to Moin Rahman, Carole Fennelly, and Allan Jude.

Download the CIS FreeBSD Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Google ChromeOS Benchmark v1.0.0

Some items of note for this update:

• First major security guidance for ChromeOS
• Guidance created in partnership with Google
• Includes applicable Google Chrome and Google Workspace Benchmarks recommendations
• Additional guidance for organizations using managed guest sessions for ChromeOS

A huge thanks to the CIS Google Community for making this happen.

Download the CIS Google Chrome Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0

A huge thank you to the CIS Linux and Ubuntu Linux Communities for making this Benchmark happen.

Download the CIS Ubuntu Linux Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Build Kits Created Last Month

• CIS AlmaLinux OS 9 Benchmark v2.0.0
• CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0
• CIS Rocky Linux 9 Benchmark v2.0.0
• CIS Oracle Linux 9 Benchmark v2.0.0

CIS AlmaLinux OS 9 Benchmark v2.0.0

This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default AlmaLinux 9.4 installation for the Level 2 Server profile, the Build Kit remediates more than 100 default settings that do not comply with the Benchmark guidance. A follow-up scan by a CIS-CAT® Pro assessment returns a PASS result over 94%.

Some items of note for this Build Kit:

• Several new scripts added to support updated recommendations
• Existing scripts updated for better execution

Download the CIS AlmaLinux OS Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0

This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Red Hat Enterprise Linux 9.4 installation for the Level 2 Server profile, the Build Kit remediates more than 100 default settings that do not comply with the Benchmark guidance. A follow-up scan by a CIS-CAT Pro assessment returns a PASS result over 94%.

Some items of note for this Build Kit:

• Several new scripts added to support updated recommendations
• Existing scripts updated for better execution

Download the CIS Red Hat Enterprise Linux Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Rocky Linux 9 Benchmark v2.0.0

This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default Rocky Linux 9.4 installation for the Level 2 Server profile, the Build Kit remediates more than 100 default settings that do not comply with the Benchmark guidance. A follow-up scan by a CIS-CAT Pro assessment returns a PASS result over 94%.

Some items of note for this update:

• Several new scripts added to support updated recommendations
• Existing scripts updated for better execution

Download the CIS Rocky Linux Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

CIS Oracle Linux 9 Benchmark v2.0.0

This Build Kit supports all profiles available in the Benchmark and will remediate the target accordingly. In testing against a default OracleLinux-R9-U4 installation for the Level 2 Server profile, the Build Kit remediates more than 100 default settings that do not comply with the Benchmark guidance. A follow-up scan by a CIS-CAT Pro assessment returns a PASS result over 94%.

Some items of note for this update:

• Several new scripts added to support updated recommendations
• Existing scripts updated for better execution

TEXT

Download the CIS Oracle Linux Benchmark in PDF.

CIS SecureSuite^® Members can visit CIS WorkBench here to download other formats and related resources. 

 

---

 

Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:

API Security Guide: email [email protected]

Azure DevOps: email [email protected]

Check Point Firewall

Cisco (preferred focus on NX-OS, ACI, ASA, iOS, Meraki, Firepower)

F5 Networks

GitHub

GitLab

Google Android

Juniper Networks (preferred focus on Junos OS)

MariaDB

Microsoft SQL Server

Palo Alto Networks

PostgreSQL

VMware (preferred with ESXi expertise)

 

If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.