CIS Benchmarks December 2023 Update
The following CIS Benchmarks™ have been released or updated. We've highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made.
CIS Benchmarks Updated in November
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.4.0
- CIS Oracle Cloud Infrastructure for Kubernetes (OKE) Benchmark v1.4.0
- CIS PostgreSQL 15 Benchmark v1.1.0
CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.4.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.25, 1.26, and 1.27. Some items of note for this update:
- Over 50 recommendations have been added or enhanced
- The AAC has been improved
- The Benchmark and its recommendations have been updated to support Kubernetes v1.27
A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks go to Rory McCune and Mark Larinde for their dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS Oracle Cloud Infrastructure for Kubernetes (OKE) Benchmark v1.4.0
This Benchmark includes support for Kubernetes clusters built on Kubernetes v1.25, 1.26, and 1.27. Some items of note for this update:
- Over 50 recommendations have been added or enhanced
- The AAC has been improved
- The Benchmark and its recommendations have been updated to support Kubernetes v1.27
A huge thank you to the CIS Kubernetes Community for making this happen. Special thanks to Mark Larinde for his dedication to making this Benchmark the best it can be.
Download the CIS Kubernetes Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
CIS PostgreSQL Benchmarks – One Updated Benchmark, One New Release
We are excited to announce the publication of the updated CIS PostgreSQL 15 Benchmark v1.1.0 and thenew CIS PostgreSQL 16 Benchmark v1.0.0. These releases address a number of issues identified in the prior release of the CIS PostgreSQL 15 Benchmark as well as PostgreSQL 16 changes. The issues primarily consisted of:
- Added procedures for creating 'roletree' view to assist in auditing recommendation 4.6
- Added guidance for configuring 'temp_tablespaces' and 'temp_file_limit' to the audit and remediation procedures for recommendation 8.1
- Removed remediation procedures for building 'set_user' from source and replaced them with procedures for installing via 'dnf'
- Revised a number of audit and remediation procedures to fix typos, improve procedures, reflect changes to PostgreSQL, and resolve tickets
A huge thank you to entire CIS PostgreSQL Community for making this happen. Special thanks go to Doug Hunley and Crunchy Data for their contributions to this release.
Download the CIS PostgreSQL Benchmarks in PDF.
CIS SecureSuite Members can visit CIS WorkBench here and here to download other formats and related resources.
New CIS Benchmarks Released in November
CIS MongoDB 7.0 Benchmark v1.0.0
This Benchmark includes support for MongoDB v7.x, the latest version of the MongoDB database platform, along with automated assessment support as well as Level 1 and Level 2 profiles.
A huge thank you to the CIS MongoDB Community for making this Benchmark a reality.
Download the CIS MongoDB Benchmark in PDF.
CIS SecureSuite Members can visit CIS WorkBench here to download other formats and related resources.
Additional CIS Benchmarks Announcements
Are you interested in providing feedback to the Benchmarks Product Team about the prioritization of the Benchmarks recommendations and/or how the Level 1 and Level 2 recommendations are categorized? We’d love to hear from you! Contact [email protected].
Get involved by helping us develop content, review recommendations, and test CIS Benchmarks. Join a community today! We're looking for contributors for the following technologies:
- Amazon Aurora: Reach out to [email protected]
- Apache Cassandra
- Check Point Firewall
- Cisco (preferred focus on NX-OS, ACI, ASA, iOS, Meraki, Firepower)
- Google Android
- F5 Networks
- Juniper Networks (preferred focus on Junos OS)
- Microsoft SQL Server
- Palo Alto Networks
- PostgreSQL
- VMware (preferred with EXSi expertise)
If you're interested, please reach out to us at [email protected]. You can also learn more on the CIS Benchmarks Community page.