cis
83 Topics
New CIS Cisco IOS 17 Benchmark v1.0.0 Audit Files

Summary
Customers can now measure compliance against the latest release of the Cisco IOS 17 Benchmark v1.0.0 from CIS with the new Cisco IOS 17 Benchmark v1.0.0 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
- Cisco IOS 17 Benchmark v1.0.0 - Level 1
- Cisco IOS 17 Benchmark v1.0.0 - Level 2

Target Release Date
The audits can be downloaded from the Tenable Audits Portal on July 18, 2022.

New CIS Debian Audit Files

Summary
Customers can now measure compliance against the latest release of the Debian Linux 11 Benchmark from CIS with the new CIS Debian Linux 11 v1.0.0 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
- CIS Debian Linux 11 v1.0.0 - Level 1 Server
- CIS Debian Linux 11 v1.0.0 - Level 2 Server
- CIS Debian Linux 11 v1.0.0 - Level 1 Workstation
- CIS Debian Linux 11 v1.0.0 - Level 2 Workstation

The audits can be downloaded from the Tenable Audits Portal.

Target Release Date
Immediate

New CIS Distribution Independent Linux Benchmark v2.0.0

Summary
Customers can now measure compliance against the latest distribution independent settings with the new CIS Distribution Independent Linux audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Benchmarks
- CIS Distribution Independent Linux Server L1 v2.0.0
- CIS Distribution Independent Linux Server L2 v2.0.0
- CIS Distribution Independent Linux Workstation L1 v2.0.0
- CIS Distribution Independent Linux Workstation L2 v2.0.0

Target Release Date
30 Jan 2020

Additional Notes
This audit includes a profile for Level 1 - Server and Level 2 - Server along with Level 1 - Workstation and Level 2 - Workstation. In addition, this audit includes all the changes included in the v2.0.0 major revision.

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

New CIS Oracle Database 19c Benchmarks v1.0.0

Summary
Customers can now measure compliance against Oracle 19c databases with the new CIS Oracle Database 19c audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable/.

Tenable Benchmarks
- CIS Oracle Database 19c Unified Auditing L1 v1.0.0
- CIS Oracle Database 19c Traditional Auditing L1 v1.0.0
- CIS Oracle Database 19c Linux Host L1 v1.0.0
- CIS Oracle Database 19c Windows Host L1 v1.0.0

Target Release Date
22 Oct 2020

Additional Notes
These audits are very similar to the CIS Oracle 12c benchmark. Notable changes include: SQL query changes in the Unified Auditing profile for checks 6.2.1 through 6.2.27, and the removal and renumbering of a few controls in Traditional and Unified auditing profiles.

New CIS Microsoft Windows 11 Enterprise Benchmark Audits

Summary
Customers can now measure compliance against Microsoft Windows 11 operating system with the new CIS Windows 11 audits. The audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audits
CIS Microsoft Windows 11 audits for the following profiles:
- Level 1 (L1) - Corporate/Enterprise Environment (general use)
- Level 1 (L1) + BitLocker (BL)
- Level 1 (L1) + Next Generation Windows Security (NG)
- Level 1 (L1) + BitLocker (BL) + Next Generation Windows Security (NG)
- Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)
- Level 2 (L2) + BitLocker (BL)
- Level 2 (L2) + Next Generation Windows Security (NG)
- Level 2 (L2) + BitLocker (BL) + Next Generation Windows Security (NG)

BitLocker (BL) - optional add-on for when BitLocker is deployed
Next Generation Windows Security (NG) - optional add-on for use in the newest hardware and configuration environments

Target Release Date
4/11/2022

Additional Notes
The audits include checks for evaluating the Windows 11 operating system. The Windows 11 audits were tested against Windows 11 enterprise using the CIS Windows 11 Workstation Buildkit. To obtain the latest version of the CIS Benchmark please visit https://workbench.cisecurity.org/files/3714.

New RedHat OpenShift Container Platform Plugin and Audit files

Summary
Customers can now measure compliance against RedHat OpenShift Container Platform with new plugin ID 161406 on Tenable.io and Nessus. This plugin will be published with a new credential type: OpenShift Container Platform. This plugin retrieves target data using the RedHat OpenShift Container Platform API and will evaluate actual values against a given audit policy. All data retrieval and communication is via the RedHat OpenShift Container Platform API.

Additional Notes
Two CIS audits will be released along with the plugin:
- CIS RedHat OpenShift Container Platform 4 v1.2.0 Level 1
- CIS RedHat OpenShift Container Platform 4 v1.2.0 Level 2

Example audit structure

    <check_type: "OpenShift">
    <custom_item>
      type           : REST_API
      description    : "Minimize the admission of containers with allowPrivilegeEscalation"
      request        : "getSecurityContextConstraints"
      json_transform : ".items[] | .spec.clusterID as $clusterID | .items[] | \"Cluster ID: \($clusterID), Name: \(.metadata.name), UID: \(.metadata.uid), Allow Privilege Escalation: \(.allowPrivilegeEscalation)\""
      expect         : "Allow Privilege Escalation: false"
    </custom_item>
    </check_type>

The 'request' tag references specific API endpoints for data retrieval. The 'json_transform' tag selects specific parts of returned data. Regex and expect tags will further filter and evaluate the data for a passing or failing result.

Target Release Date
January 27, 2023

New Snowflake Compliance Plugin and Audit files

Summary
Customers can now measure compliance against the Snowflake Platform with new plugin ID Snowflake Compliance Checks (206112) on Tenable Vulnerability Management and Nessus. This plugin is published as a part of the Audit Cloud Infrastructure compliance template and will use a new credential type of Snowflake API. The plugin will retrieve all target data using the Snowflake SQL API and will evaluate actual values against a given audit policy.

Two audits implementing the CIS benchmark will be released along with the plugin:
- CIS Snowflake Foundations v1.0.0 Level 1
- CIS Snowflake Foundations v1.0.0 Level 2

These audits contain a total of 39 checks across 2 profiles with 20 checks being fully automated. Some examples include:

Identity and Access Management
- 1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles)
- 1.7 Ensure authentication key pairs are rotated every 180 days
- 1.8 Ensure that users who did not log in for 90 days are disabled

Data Protection
- 4.1 Ensure yearly rekeying is enabled for a Snowflake account
- 4.5 Ensure that the REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION account parameter is set to true

Additional Notes
For those that are interested in creating custom audit content for their environment, the audit supports the following structure.

    <check_type: "Snowflake">
    <custom_item>
      type        : SQL_POLICY
      description : "Ensure yearly rekeying is enabled for a Snowflake account"
      sql_request : "SHOW PARAMETERS LIKE 'PERIODIC_DATA_REKEYING' IN ACCOUNT;"
      sql_types   : REGEX, REGEX, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL
      sql_expect  : "PERIODIC_DATA_REKEYING", "true", ".*", ".*", ".*", ".*"
    </custom_item>
    </check_type>

The 'sql_request' tag contains SQL statements executed through the Snowflake REST API endpoint. The 'sql_expect' tag will evaluate the data for a passing or failing result.

Target Release Date
Immediate

New CIS Azure Kubernetes Service (AKS) Benchmark v1.1.0 policies for Tenable.cs

Summary
Tenable.cs customers can now measure compliance against the CIS Azure Kubernetes Service (AKS) Benchmark v1.1.0 benchmark. These policies have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable.cs supported profiles
- CIS Azure Kubernetes Service (AKS) Benchmark v1.1.0, Level 1
- CIS Azure Kubernetes Service (AKS) Benchmark v1.1.0, Level 2

Target Release Date
Immediate

New CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0 Audits

Summary
Customers can now measure compliance against the latest version of this CIS benchmark: Ubuntu Linux 24.04 v1.0.0. The new audit files include Level 1 Server, Level 2 Server, Level 1 Workstation, and Level 2 Workstation profiles. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

The v1.0.0 benchmarks and audits include updates to several checks in the following sections:

1.5 Configure Additional Process Hardening
This section has been updated to improve several additional hardening checks, such as:
- 1.5.1 Ensure address space layout randomization is enabled
- 1.5.2 Ensure ptrace_scope is restricted
- 1.5.3 Ensure core dumps are restricted

2 Services
Updated recommendations for service checks:
- 2.2.4 Ensure telnet client is not installed
- 2.2.6 Ensure ftp client is not installed
- 2.1.4 Ensure dns server services are not in use

5.1 - Configure SSH Server
Updated recommendations for additional SSH settings:
- 5.1.2 Ensure permissions on SSH private host key files are configured
- 5.1.17 Ensure sshd MaxSessions is configured

6 Logging and Auditing
Updated recommendations for logging and auditing section:
- 6.1.2.1.1 Ensure systemd-journal-remote is installed
- 6.1.2.3 Ensure journald Compress is configured
- 6.1.3.4 Ensure rsyslog log file creation mode is configured

There are many more changes and updates to these versions. Please review the CIS benchmark changelog for additional information.

Tenable Audits
- CIS Ubuntu Linux 24.04 v1.0.0 - Level 1 Server
- CIS Ubuntu Linux 24.04 v1.0.0 - Level 2 Server
- CIS Ubuntu Linux 24.04 v1.0.0 - Level 1 Workstation
- CIS Ubuntu Linux 24.04 v1.0.0 - Level 2 Workstation

Target Release Date
Immediate

New CIS Microsoft SQL Server 2019 Benchmark v1.0.0

Summary
Customers can now measure compliance against the latest major version of Microsoft SQL Server with the new CIS Microsoft SQL Server 2019 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Benchmarks
- CIS Microsoft SQL Server 2019 Database Engine L1 v1.0.0
- CIS Microsoft SQL Server 2019 AWS RDS L1 v1.0.0

Target Release Date
9 Mar 2020

Additional Notes
This audit includes a profile for Level 1 - Database Engine along with Level 1 - Workstation AWS RDS.