Download the Benchmarks FREE of CHARGE

The Security Configuration Benchmarks below are distributed free of charge to propagate their worldwide use and adoption as user originated, de facto standards.

The CIS Benchmarks are the ONLY consensus best practice security configuration standards both developed and accepted by government, business, industry, and academia.

The Benchmarks are:

• Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
• Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
• Downloaded approximately 1 million times per year;
• Distributed freely by CIS in .PDF format (some are available to CIS Members only in XML format via the CIS Members web site);
• Used by thousands of enterprises as the basis for security configuration policies and the de facto standard against which to compare them.

For more information about the benchmarks and tools:

• What are the Benchmarks?
• What are the Scoring Tools?
• CIS Provides Recognition for Developers of the Consensus Benchmarks and Scoring Tools

Operating Systems
Benchmark	Version	Updated
AIX	1.01	10/21/2005
Debian Linux	1.0	08/17/2007
FreeBSD	1.0.5	10/21/2005
HP-UX	1.4.2	06/03/2008
Mac OS X 10.4 (Tiger)	2.0	10/16/2006
Mac OS X 10.5 (Leopard)	1.0	05/21/2008
Novell OES:NetWare	1.0	08/14/2006
Red Hat Linux 4 (for RHEL 2.1, 3.0, 4.0 and Fedora Core 1,2,3,4, & 5)	1.0.5	10/01/2006
Red Hat Linux 5 (for RHEL 5)	1.1.2	06/17/2009
Slackware Linux	1.1	06/16/2006
Solaris 2.5.1 - 9.0	1.3	08/11/2004
Solaris 10 11/06 and 8/07	4.0	11/01/2007
SUSE Linux	2.0	05/21/2008
Windows 2000	1.2.2	02/04/2005
Windows 2000 Professional	2.2.1	12/17/2004
Windows 2000 Server	2.2.1	12/17/2004
Windows NT	1.05	03/04/2005
Windows Server 2003	2.0	11/21/2007
Windows XP Professional SP1/SP2	2.01	09/09/2005
Network Devices
Check Point Firewall	1.0	12/11/2007
Cisco ASA, FWSM, and PIX	2.0	11/20/2007
Cisco IOS Router	2.2	11/20/2007
Multi-Function Devices	1.0.0	04/24/2009
Wireless Networks	1.0	04/14/2005
Applications
Apache Web Server	2.2.0	11/10/2008
Exchange Server 2003	1.0	08/15/2005
Exchange Server 2007	1.0	12/31/2007
FreeRADIUS	1.0	08/16/2007
IIS	1.0	08/16/2007
ISC BIND 9.0-9.5	2.0.0	05/05/2009
MySQL Database 4.1/5.0/5.1	1.0.2	04/09/2009
Novell eDirectory	1.0	06/12/2006
OpenLDAP	1.0	08/16/2007
Oracle Database 8i	1.2	04/06/2005
Oracle Database 9i/10g	2.01	08/14/2006
Oracle Database 11g	1.0.0	09/12/2008
SQL Server 2000	1.0	12/15/2005
SQL Server 2005	1.1.1	02/20/2009
Virtual Machine	1.0	10/18/2007
VMWare ESX Server	1.0	10/18/2007
Xen Server	3.2	05/16/2008
Mobile Devices
Apple iPhone OS 2.2.1	1.0.0	03/27/2009