CIS Security Benchmarks Community Newsletter - August 2016

CIS Docker 1.12.0 Benchmark Released

The benchmark provides prescriptive guidance for establishing a secure configuration posture for Docker container version 1.12.0. The guide was tested against Docker 1.12.0 on RHEL 7 and Debian 8. Special Thanks to Pravin Goyal, Thomas Sjögren, Rory McCune, Manideep Konakandla and Jesse Hertz.

This entry was posted in Benchmarks Community Updates, benchmarks on August 18, 2016 by Kimberly K

CIS Community Newsletter – June 2016

1. CIS Oracle Linux 6 v1.0.0 Benchmark Released

The benchmark provides prescriptive guidance for establishing a secure configuration posture for Oracle Linux 6 systems running on x86 and x64 platforms. The document was tested against Oracle Linux 6.7.

This entry was posted in Benchmarks Community Updates on June 14, 2016 by Kimberly K

CIS Community Letter - May, 2016

CIS Community Newsletter

– 1. CIS Community Site Maintenance - Friday, May 6th at 7pm EST
The CIS community site (https://community.cisecurity.org) will be temporarily down for maintenance on Friday, May 6th at 7pm EST. The site will be down for approximately 1.5 hours. During this time you will not be able to access the site or download resources. We appreciate your patience.
2. CIS CentOS Linux 6 and 7 Benchmark Updates Released
The CentOS 6 benchmarkprovides prescriptive guidance for establishing a secure configuration posture for CentOS Linux 6 systems running on x86 and x64 platforms. This document was tested against CentOS 6.7.
The CentOS 7 benchmark provides prescriptive guidance for establishing a secure configuration posture for CentOS Linux 7 systems running on x86 and x64 platforms. This document was tested against CentOS 7.2.
Download the CentOS benchmarks here: https://benchmarks.cisecurity.org/downloads/browse/index.cfm?

This entry was posted in Benchmarks Community Updates on May 10, 2016 by Chad R

Benchmarks-for-Windows Updates

By Jordan C. Rakoske

We have exciting news about our Windows releases! Over the past year and a half, our Windows community has worked very hard reviewing all of the benchmarks that we had previously released as well as focusing on the new upcoming line of Windows OS's (Windows 10 and Server 2016). Our First big updates released were our Windows 8.1 v2.0.0, Server 2012 R2 v2.0.0, and Windows 10 v1.0.0. Since then we have spent months reviewing all of the new and old Windows settings across all of our Windows Benchmarks. We worked closely with Aaron Margosis and Rick Munck from Microsoft to answer any technical questions that came up in the community and to help address some items within Microsoft Group Policy Templates.

This entry was posted in Benchmarks Community Updates, Uncategorized on May 10, 2016 by Chad R

CIS Community Newsletter - April 19, 2016

CIS Community Newsletter 

1. Benchmark Participation Needed for NGINX, Palo Alto and Cisco ASA

Your feedback and participation helps ensure that CIS Benchmarks continue to reflect security best practice. All contributors will receive attribution in the associated Benchmark and are eligible to earn CPE credits toward maintaining (ISC)2 certifications. We’re looking for help in the following areas:

• Palo Alto Networks – Editors and contributors needed to provide feedback and test draft benchmark

• NGINX – Editors and contributors needed to define scope, draft the benchmark, test and provide feedback

• Cisco ASA – Editors and contributors needed update existing benchmark, test and provide feedback

This entry was posted in Benchmarks Community Updates, Uncategorized on April 19, 2016 by Chad R

Making Security Happen

By Adam Montville

Our mission here at CIS is pretty clear: Lead communities to shepherd security best practices and continuously develop world-class security solutions supporting those practices. I generally like to think of this as working to “make security happen”. In support of this mission we have two important announcements to make today.

First, we have released the first-ever benchmark for your Amazon Web Services accounts, “CIS Amazon Web Services Foundations Benchmark v1.0.0” (here). This benchmark covers the bases for basic AWS services, such as: Identity and Access Management, AWS Config, CloudTrail, CloudWatch, Simple Notification Service, and Simple Storage Service. We have worked with Amazon and other organizations steeped in AWS services and technology to bring this benchmark to release (the folks over at Amazon have some more goodies for you as well - take a look here) using our well-known and respected consensus process. The recommendations embodied in this benchmark are not coming directly from CIS, but from a community of security-conscious, AWS-knowledgeable folks who want to share their work with the rest of the world.

CIS Community Newsletter

1. CIS Microsoft Office 2013, Access, Excel, Outlook, Power Point and Word Benchmarks Released

The following benchmarks provide prescriptive guidance for establishing a secure configuration posture for Microsoft Office 2013, Access 2013, Excel 2013, Outlook 2013, Power Point 2013 and Word 2013 respectively all running on Windows 7. Each guide was tested against Microsoft Office 2013.

CIS Community Newsletter – August 10, 2015

1. Call for Participation – Palo Alto Networks Draft Benchmark Available for Review AND Development underway for IBM DB2 & Google Chrome Benchmarks
Have expertise with Palo Alto Networks, IBM DB2 or Google Chrome? If so, join the benchmark consensus team(s). Your feedback and participation helps ensure that CIS Benchmarks continue to reflect security best practice. All contributors will receive attribution in the associated Benchmark and are eligible to earn CPE credits toward maintaining (ISC)2 certifications.

CIS Community Newsletter – January 13, 2015

  1. NEW CIS Ubuntu 14.04 LTS Server Benchmark Released
Prescriptive guidance for establishing a secure configuration posture for Ubuntu 14.04 LTS Server.

Download CIS Ubuntu 14.04 LTS Server Benchmark here: http://benchmarks.cisecurity.org/downloads/show-single/?file=ubuntu1404.100

This entry was posted in Benchmarks Community Updates, IBM Endpoint, NetIQ on January 13, 2015 by Chad R

CIS Community Newsletter – December 9, 2014

1. CIS Microsoft Internet Explorer 11 Benchmark Released
The benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft Internet Explorer 11. The guide was tested against Microsoft Internet Explorer 11 running on Microsoft Windows 8.

This entry was posted in Benchmarks Community Updates on December 29, 2014 by Chad R