cis
83 Topics

CIS Windows 10 Audit Files Deprecation

Summary
We recently discovered that our CIS Windows 10 audits were being misrepresented based on CIS guidance. CIS recommends that every new release of the Windows 10 Benchmark replaces the previous Windows 10 Benchmark. Our customers should be using the latest CIS Windows 10 version regardless of the Windows 10 release. With that understanding, we are deprecating our previous CIS Windows 10 audit versions. The most current version will remain active (currently version 1.12.0).

The CIS Windows 10 v1.12.0 Tenable audits can be downloaded from the Tenable Audits Portal.

For more information regarding the CIS Windows 10 nomenclature, please review the CIS guidance found here: https://workbench.cisecurity.org/community/2/discussions/8127.

Deprecated Tenable Audit Files
  CIS Windows 10 v1.10.1 audits
  CIS Windows 10 v1.10.0 audits
  CIS Windows 10 v1.9.1 audits
  CIS Windows 10 v1.9.0 audits
  CIS Windows 10 v1.8.1 audits
  CIS Windows 10 v1.8.0 audits
  CIS Windows 10 v1.7.1 audits
  CIS Windows 10 v1.7.0 audits
  CIS Windows 10 v1.6.1 audits
  CIS Windows 10 v1.6.0 audits
  CIS Windows 10 v1.5.0 audits
  CIS Windows 10 v1.4.0 audits
  CIS Windows 10 v1.3.0 audits
  CIS Windows 10 v1.2.0 audits
  CIS Windows 10 v1.1.1 audits
  CIS Windows 10 v1.1.0 audits
  CIS Windows 10 v1.0.0 audits

Target Deprecation Date
August 1, 2022

New RedHat OpenShift Container Platform Plugin and Audit files

Summary
Customers can now measure compliance against RedHat OpenShift Container Platform with new plugin ID 161406 on Tenable.io and Nessus. This plugin will be published with a new credential type: OpenShift Container Platform. This plugin retrieves target data using the RedHat OpenShift Container Platform API and will evaluate actual values against a given audit policy. All data retrieval and communication is via the RedHat OpenShift Container Platform API.

Additional Notes
Two CIS audits will be released along with the plugin:
  CIS RedHat OpenShift Container Platform 4 v1.2.0 Level 1
  CIS RedHat OpenShift Container Platform 4 v1.2.0 Level 2

Example audit structure

    <check_type: "OpenShift">
      <custom_item>
        type           : REST_API
        description    : "Minimize the admission of containers with allowPrivilegeEscalation"
        request        : "getSecurityContextConstraints"
        json_transform : ".items[] | .spec.clusterID as $clusterID | .items[] | \"Cluster ID: \($clusterID), Name: \(.metadata.name), UID: \(.metadata.uid), Allow Privilege Escalation: \(.allowPrivilegeEscalation)\""
        expect         : "Allow Privilege Escalation: false"
      </custom_item>
    </check_type>

The 'request' tag references specific API endpoints for data retrieval. The 'json_transform' tag selects specific parts of returned data. Regex and expect tags will further filter and evaluate the data for a passing or failing result.

Target Release Date
January 27, 2023

Research Highlight - New CIS Bottlerocket v1.0.0 Audit Files

Summary
Customers can now measure compliance against the latest release of Amazon Bottlerocket OS from CIS with the new Bottlerocket v1.0.0 audits. These audits cover both the CIS L1 and L2 guidance for Bottlerocket OS and include checks for host system filesystem configuration, access control, kernel network parameters, firewall rules, system logging, and more. They have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
  CIS_Bottlerocket_v1.0.0_L1.audit
  CIS_Bottlerocket_v1.0.0_L2.audit

Target Release Date
The audits can be downloaded from the Tenable Audits Portal on February 29th, 2024.

Date of Release
Immediate

New CIS Palo Alto Firewall 10 v1.0.0 Audit Files

Summary
Customers can now measure compliance against the latest release of the Palo Alto Firewall 10 v1.0.0 from CIS with the new CIS Palo Alto Firewall 10 v1.0.0 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
  CIS Palo Alto Firewall 10 v1.0.0 - Level 1
  CIS Palo Alto Firewall 10 v1.0.0 - Level 2

Target Release Date
The audits can be downloaded from the Tenable Audits Portal on July 18, 2022

New CIS Cisco IOS 17 Benchmark v1.0.0 Audit Files

Summary
Customers can now measure compliance against the latest release of the Cisco IOS 17 Benchmark v1.0.0 from CIS with the new Cisco IOS 17 Benchmark v1.0.0 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
  Cisco IOS 17 Benchmark v1.0.0 - Level 1
  Cisco IOS 17 Benchmark v1.0.0 - Level 2

Target Release Date
The audits can be downloaded from the Tenable Audits Portal on July 18, 2022

New CIS Microsoft Windows Server 2022 v1.0.0 Audit Files

Summary
Customers can now measure compliance against the latest release of the Microsoft Windows Server 2022 Benchmark from CIS with the new CIS Microsoft Windows Server 2022 v1.0.0 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
  CIS Microsoft Windows Server 2022 v1.0.0 - Level 1 Domain Controller
  CIS Microsoft Windows Server 2022 v1.0.0 - Level 2 Domain Controller
  CIS Microsoft Windows Server 2022 v1.0.0 - Level 1 Member Server
  CIS Microsoft Windows Server 2022 v1.0.0 - Level 2 Member Server
  CIS Microsoft Windows Server 2022 v1.0.0 - Next Generation Windows Security - Domain Controller
  CIS Microsoft Windows Server 2022 v1.0.0 - Next Generation Windows Security - Member Server

Target Release Date
Immediate

New CIS Oracle Database 19c Benchmarks v1.0.0

Summary
Customers can now measure compliance against Oracle 19c databases with the new CIS Oracle Database 19c audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable/.

Tenable Benchmarks
  CIS Oracle Database 19c Unified Auditing L1 v1.0.0
  CIS Oracle Database 19c Traditional Auditing L1 v1.0.0
  CIS Oracle Database 19c Linux Host L1 v1.0.0
  CIS Oracle Database 19c Windows Host L1 v1.0.0

Target Release Date
22 Oct 2020

Additional Notes:
These audits are very similar to the CIS Oracle 12c benchmark. Notable changes include: SQL query changes in the Unified Auditing profile for checks 6.2.1 through 6.2.27, and the removal and renumbering of a few controls in Traditional and Unified auditing profiles.

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

New CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0 Audits

Summary
Customers can now measure compliance against the latest version of this CIS benchmark: Ubuntu Linux 24.04 v1.0.0

The new audit files include Level 1 Server, Level 2 Server, Level 1 Workstation, and Level 2 Workstation profiles. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

The v1.0.0 benchmarks and audits include updates to several checks in the following sections:

1.5 Configure Additional Process Hardening
This section has been updated to improve several additional hardening checks, such as:
  1.5.1 Ensure address space layout randomization is enabled
  1.5.2 Ensure ptrace_scope is restricted
  1.5.3 Ensure core dumps are restricted

2 Services
Updated recommendations for service checks:
  2.2.4 Ensure telnet client is not installed
  2.2.6 Ensure ftp client is not installed
  2.1.4 Ensure dns server services are not in use

5.1 - Configure SSH Server
Updated recommendations for additional SSH settings:
  5.1.2 Ensure permissions on SSH private host key files are configured
  5.1.17 Ensure sshd MaxSessions is configured

6 Logging and Auditing
Updated recommendations for logging and auditing section
  6.1.2.1.1 Ensure systemd-journal-remote is installed
  6.1.2.3 Ensure journald Compress is configured
  6.1.3.4 Ensure rsyslog log file creation mode is configured

There are many more changes and updates to these versions. Please review the CIS benchmark changelog for additional information.

Tenable Audits
  CIS Ubuntu Linux 24.04 v1.0.0 - Level 1 Server
  CIS Ubuntu Linux 24.04 v1.0.0 - Level 2 Server
  CIS Ubuntu Linux 24.04 v1.0.0 - Level 1 Workstation
  CIS Ubuntu Linux 24.04 v1.0.0 - Level 2 Workstation

Target Release Date
Immediate

New CIS Microsoft Windows 11 Enterprise Benchmark Audits

Summary
Customers can now measure compliance against the Microsoft Windows 11 operating system with the new CIS Windows 11 audits. The audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audits
CIS Microsoft Windows 11 audits for the following profiles:
  Level 1 (L1) - Corporate/Enterprise Environment (general use)
  Level 1 (L1) + BitLocker (BL)
  Level 1 (L1) + Next Generation Windows Security (NG)
  Level 1 (L1) + BitLocker (BL) + Next Generation Windows Security (NG)
  Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)
  Level 2 (L2) + BitLocker (BL)
  Level 2 (L2) + Next Generation Windows Security (NG)
  Level 2 (L2) + BitLocker (BL) + Next Generation Windows Security (NG)
  BitLocker (BL) - optional add-on for when BitLocker is deployed
  Next Generation Windows Security (NG) - optional add-on for use in the newest hardware and configuration environments

Target Release Date
4/11/2022

Additional Notes:
The audits include checks for evaluating the Windows 11 operating system. The Windows 11 audits were tested against Windows 11 Enterprise using the CIS Windows 11 Workstation Buildkit. To obtain the latest version of the CIS Benchmark, please visit https://workbench.cisecurity.org/files/3714.

New CIS Apache Tomcat 9 Benchmark v1.0.0

Summary
Customers can now measure compliance against the latest version of Apache Tomcat 9 with the new CIS Apache Tomcat 9 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Benchmarks
  CIS Apache Tomcat 9 L1 v1.0.0
  CIS Apache Tomcat 9 L2 v1.0.0

Target Release Date
12 Mar 2020

Additional Notes:
This audit includes profiles for Level 1 and Level 2 for Tomcat 9.