Create browser benchmarks for macOS
The current Google Chrome and Microsoft Edge CIS benchmarks are created for Windows devices. Since the majority of the keys are similar for macOS devices, why not ...
Under consideration
2FA on CIS WorkBench
I was just auditing all of my online accounts and making sure to enable 2FA everywhere it is possible and was surprised that this site does not seem to have that ...
Under consideration
Easier way to download .docx or .xlsx versions of the .pdf files which document the controls.
I want to download the .docx or .xlsx version of a Linux (CIS_Ubuntu_Linux_20.04_LTS_Benchmark_v2.0.1) document but cannot find it. This is the same for a number of ...
Done
Dark Mode
I would like to see a dark mode for the site. This could be a valuable accessibility feature for many users.
Under consideration
CIS-CAT Pro Combined Assessment Report of Entire Organization
Create a report that combines the assessments into one report for a complete overview of the entire environment
Gathering user feedback
Drop the workbench account expiration and password reset
It baffles me that an organisation focused on IT security forces a password reset every 60 days, a security practice outdated since many years.
Also, the email sent ...
Under consideration
Improve search filtering in CIS workbench
I was trying to search for build kits under the downloads section. If I typed in "build kits" it gave me many results. If I added additional words such as "windows", ...
Under consideration
404 Error for "see what's changed"
When downloading the assessor tool, your "see what's changed" button leads to a 404 page not found. I'm just trying to see if I need the latest version but I'm not ...
Done
Ability to change email
Hello. It seems that I cannot change my email in my profile.
Under consideration
Hardened images for download
ISO or prebuilt virtual images for those of us on prem. I saw this requested in the forum, but didn't see a request in the suggestions: I know we have the ability to ...
Gathering user feedback
Provide link to CIS-CAT downloads
Just need a simple direct link to download CIS-CAT, but the email confirmation just directs to Workbench, and within Workbench it's not obvious to me.
Done
CIS_Controlsv8.1 : Newcomer w/comments seeking the proper forum to share back w/ originating authors
As a consumer of CIS controls to assist customers, I finally am at the point to get involved to a degree where viewed as helpful. Initially perusing Control 3: DATA ...
Add a tag for "Policy templates"
I was looking for Policy templates in the Downloads section and found that the templates did not have a specific tag associated with them.
Pleas consider adding a ...
Done
"Sorting" error
in CIS Workbench Downloads, sorting by "updated" field is not working correctly.
Gathering user feedback
make downloading docs easier
Unless I am missing something - selecting and downloading more than one document is not (easy|possible). Seems like after searching for a type / name that we should ...
Gathering user feedback
Allow community feedback to show a post has traction
Make the ticketing system like Reddit, give us upvote and downvote buttons on posts.
Done
Workbench Profile Additional Fields
I'd love to add a profile picture and a link to social like LinkedIn
Gathering user feedback
search within benchmark
why is there no search function within a benchmark? For example, I need to find all the controls that relate to PIN complexity in the "CIS Microsoft Windows 11 ...
Under consideration
MS Edge v135 ScareWare Setting
I just downloaded the latest ADMX files from MS for Edge and noticed a new setting for Scareware Blocker which is supposed to detect and block those fake antivirus ...
Under consideration
Server2022v5.0.0 Build Kit Missing GPO
Within the Windows Server 2022 Benchmark v5.0.0 Build Kit, there is a callout in the PDF documentation to import GPOs for L1 Domain Controllers. Those CIS Group ...
Assessor 4.5.1 contains vulnerable jackson-databind component (CVSS v3: Score: 8.1)
Hello,
with all respect for your great and hard work, this is to let you know, that the latest (as well as previous releases) Assessor contains vulnerable component ...
Done
Server 2025
When can we expect Windows Server 2025 (released 11/1/24) benchmarks?
Update Red Hat Enterprise Linux 9 Benchmark Section 1.6.2
CIS Red Hat Enterprise Linux 9 Benchmark Section 1.6.2 (Ensure system wide crypto policy is not set in sshd configuration) is wrong.
On RHEL9 system wide crypto ...
Audit Procedure incorrect
For GitLab "1.1.5 Ensure there are restrictions on who can dismiss code change reviews" I think the audit procedure is not complete what happens after I ...
Email change?
Can’t figure out how to change my account email. Please advise.
Detailed benchmark information
I have reviewed several benchmarks, particularly those related to Windows Workstation and Windows Server. Overall, I found that most controls are well-defined and ...
xml (-cpe-dictionary, cpe-oval, oval, xccdf) file for F5 Networks
There is no XML file available for F5, and the only version of F5 currently listed is archived. Could you upload a newer version or make the XML file available?
Gathering user feedback
CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 - 2.2.23 (L1) - Include printspoolerservice
2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'
FAILED due to:
Output
'printspoolerservice' && 'network service' && ...
CIS CAT Pro: Windows Server Benchmarks for Windows OS that use 3rd party Virusscanner/Firewall etc.
Hi,
I would be very helpfull to have a set of Benchmarks for CIS CAT Pro for instances of Windows Server where the customer uses a 3rd party Virusscanner/Firewall. ...
CIS-CAT Pro Assessor Download (See what's changed.) - Dead link
From this page. (https://workbench.cisecurity.org/download/cis-cat/assessor).
404-Dead link - (https://workbench.cisecurity.org/community/30/discussions/12709)
Done
Oracle19c-benchmark
Since new CISCAT 4.58/9 the regular Oracle19c Benchmark for unified auditing has been removed/disappeared. This was available until CISCAT 4.56/7. Please add this ...
Update to Linux Mint 22.3 "Zena?"
Currently using the C4K-linuxmint-10-25-2025.iso to install CIS-configured Linux Mint 22.2 Cinnamon for the Reno Cigar Lions Club's Computers 4 Kids giveaways.
I ...
Done
9.1.10 - (L1) : Service principals can use Fabric APIs
The option : Service principals can use Fabric APIs is not an option anymore. Probaply changed or removed. ...
network security auditing
i want to audit network security in the financial sector, for perfect assessment network efficiency
i want a good checklists for the success of my audit points ...
Request for CIS Benchmark Comparison Feature
I’m looking for a way to compare Windows 11 Enterprise CIS Benchmarks version 3.0 against version 4.0. It has been challenging to identify which policies have ...
Done
No Active License Keys
Hello,
there is No Active License Keys for Orange. I can not use my Assessor Pro application.
Do you know what happened?
Regards
Paweł Giergoń
Orange Polska
More helpful email notifications
I get a lot of emails about work being done in Workbench, but few of them seem to give me the context I need within the email or in the link to understand what was ...
Delays in CIS-CAT Assessor v4.57 continue to be unexplained
There is a continued lack of communication in the status of the release of v4.57 this is impacting my project and put at risk our longstanding recommendation of its ...
Done
ASLR checks in versions of RHEL CIS are giving False positives
Hi,
I have looked into the profiles of CIS for Red Hat Enterprise, and found the checks for ASLR are implemented differently.
(FP = False Positive)
CIS Red Hat ...
Review webinars page for Linux
If you visit https://workbench.cisecurity.org/support-center/pages/recorded-webinars you will see a link to a video on CIS-CAT Pro on Linux/Unix but the video link is ...
Done
Windows 2016: 2.3.10.1: 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'
CIS Microsoft Windows Server 2016 Benchmark v4.0.0
2.3.10.1 (L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'
Below Audit ...
2.6.6.6.2.1.1 Audit Procedure Path incorrect
The Audit procedure for 2.6.6.6.2.1.1 in the Office Enterprise benchmark suggests the path to be: "HKEY_USERS\[USER ...
TOAD SERVER
Dear Team,
We are using Toad server but when we perform cis scan then we got an error oci error kindly check
motd and network access
We see that motd accesses a server on AWS on port 8089.
But should this service not be disabled, or at least not being able to contact servers on the internet and ...
Gathering user feedback
Typo on benchmark for macOS 14.
When going to your v2.1.0 build kit
=> CIS Apple macOS 14.0 Sonoma Benchmark v2.1.0 - Build Kit
We are offered to download this build kit
=> ...
Link broken
Tried to view the "What's changed" URL and got a 401 error.
Assessor v4.56.0 (latest)
Analyze target systems configuration and generate reports.
See what's changed.
Clarification of 4.1.5Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1)
The control is about secure archive log location but the benchmark requirement is "Although there are many ways to ensure that your primary logs will be archived, we ...
Question
Hey Guys,
So my suggestion is that you make all your effort a little bit more intuitive or user-friendly, maybe also actualize the infos, I have the feeling there ...