Benchmarks PLUS
These reports can be used help identify and mitigate known security vulnerabilities across a wide range of platforms by providing you with clear guidance on how to establish a secure configuration posture across your IT infrastructure.
CIS Benchmark Downloads
Windows Server
2016
CIS Microsoft Windows Server 2016 STIG Benchmark v1.0.0
CIS Microsoft Windows Server 2016 RTM (Rel 1607) Benchmark v1.2.0
COMPLETE
Complete Windows Servers CIS Benchmark Download
Contains Windows Server 2019, 2016, 2012R2, 2012, 2008R2, 2008 & 2003 CIS Benchmarks
Windows Desktop
Windows 10
CIS Microsoft Windows 10 Enterprise Release 2004 Benchmark v1.9.1
CIS Microsoft Windows 10 Enterprise Release 2004 Benchmark v1.9.0
CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark v1.8.1
CIS Microsoft Windows 10 Enterprise Release 1903 Benchmark v1.7.1
CIS Microsoft Windows 10 Enterprise Release 1809 Benchmark v1.6.1
CIS Microsoft Windows 10 Enterprise Release 1803 Benchmark v1.5.0
CIS Microsoft Windows 10 Enterprise Release 1709 Benchmark v1.4.0
CIS Microsoft Windows 10 Enterprise Release 1703 Benchmark v1.3.0
CIS Microsoft Windows 10 Enterprise Release 1607 Benchmark v1.2.0
CIS Microsoft Windows 10 Enterprise Release 1511 Benchmark v1.1.1
Windows 8/8.1
CIS Microsoft Windows 8.1 Workstation Benchmark v2.4.0
CIS Microsoft Windows 8.1 Workstation Benchmark v2.3.0
CIS Microsoft Windows 8.1 Benchmark v2.2.0
COMPLETE
Complete Windows Desktop CIS Benchmark Download
Contains Windows 10, Windows 8, Windows 7 and Windows XP CIS Benchmarks
Linux
CentOS
CIS CentOS Linux 8 Benchmark v1.0.0
CIS CentOS Linux 7 Benchmark v3.0.0
CIS CentOS Linux 7 Benchmark v2.2.0
CIS CentOS Linux 6 Benchmark v2.1.0
RedHat
CIS Red Hat Enterprise Linux 8 Benchmark v1.0.0 NEW
CIS Red Hat Enterprise Linux 7 Benchmark v3.0.1
CIS Red Hat Enterprise Linux 6 Benchmark v2.1.0
CIS Red Hat Enterprise Linux 5 Benchmark v2.2.0
Oracle
CIS Oracle Linux 8 Benchmark v1.0.0
CIS Oracle Linux 7 Benchmark v3.0.0
CIS Oracle Linux 7 Benchmark v2.1.0
CIS Oracle Linux 6 Benchmark v1.1.0
SUSE
CIS SUSE Linux Enterprise 15 Benchmark v1.0.0
CIS SUSE Linux Enterprise 12 Benchmark v2.1.0
CIS SUSE Linux Enterprise 11 Benchmark v2.1.0
Ubuntu
CIS Ubuntu Linux 20.04 LTS Benchmark v1.0.0
CIS Ubuntu Linux 18.04 LTS Benchmark v2.0.1
CIS Ubuntu Linux 16.04 LTS Benchmark v1.1.0
CIS Ubuntu Linux 14.04 LTS Benchmark v2.1.0
CIS Ubuntu Linux 12.04 LTS Benchmark v1.1.0
Debian
CIS Debian Family Linux Benchmark v1.0.0
CIS Debian Linux 10 Benchmark v1.0.0
CIS Debian Linux 9 Benchmark v1.0.1
CIS Debian Linux 8 Benchmark v2.0.1
CIS Debian Linux 7 Benchmark v1.0.0
Database Servers
MS SQL Server
CIS Microsoft SQL Server 2019 Benchmark v1.1.0
CIS Microsoft SQL Server 2019 Benchmark v1.0.0
CIS Microsoft SQL Server 2017 Benchmark v1.1.0
CIS Microsoft SQL Server 2017 Benchmark v1.0.0
CIS Microsoft SQL Server 2016 Benchmark v1.2.0
CIS Microsoft SQL Server 2016 Benchmark v1.1.0
CIS Microsoft SQL Server 2014 Benchmark v1.5.0
CIS Microsoft SQL Server 2012 Benchmark v1.5.0
CIS Microsoft SQL Server 2008 R2 Benchmark v1.7.0
CIS Microsoft SQL Server 2008 R2 Benchmark v1.6.0
MySQL
CIS Oracle MySQL Community Server 5.7 Benchmark v1.0.0
CIS Oracle MySQL Community Server 5.6 Benchmark v1.1.0
CIS Oracle MySQL Enterprise Edition 5.6 Benchmark v1.1.0
CIS Oracle MySQL Enterprise Edition 5.6 Benchmark v1.0.0
PostgreSQL




DNS and Authentication Servers
Office Applications
Office 365


Office 2016






Office 2013
CIS Microsoft Office 2013 Benchmark v1.1.0
CIS Microsoft Office Excel 2013 Benchmark v1.0.1
CIS Microsoft Office Outlook 2013 Benchmark v1.1.0
CIS Microsoft Office PowerPoint 2013 Benchmark v1.0.1
CIS Microsoft Office Word 2013 Benchmark v1.1.0
CIS Microsoft Office Access 2013 Benchmark v1.0.1
Virtualization and Container Servers
VMware
CIS VMware ESXi 6.7 Benchmark v1.1.0
CIS VMware ESXi 6.5 Benchmark v1.0.0
CIS VMware ESXi 5.5 Benchmark v1.2.0
CIS VMware ESXi 5.1 Benchmark v1.0.1
Docker
CIS Docker Benchmark v1.2.0
CIS Docker Community Edition Benchmark v1.1.0
CIS Docker 1.13.0 Benchmark v1.0.0
CIS Docker 1.12.0 Benchmark v1.0.0
CIS Docker 1.11.0 Benchmark v1.0.0
CIS Docker 1.6 Benchmark v1.0.0
Kubernetes
CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1
CIS Google Kubernetes Engine (GKE) Benchmark v1.1.0
CIS Google Kubernetes Engine (GKE) Benchmark v1.0.0
CIS Kubernetes Benchmark v1.6.1
CIS Kubernetes Benchmark v1.6.0
CIS Kubernetes Benchmark v1.5.1
CIS Kubernetes Benchmark v1.5.0
CIS Kubernetes Benchmark v1.4.0
CIS Kubernetes Benchmark v1.2.0
CIS Kubernetes Benchmark v1.1.0
Cloud Providers
Amazon Web Services



Hardened Services Lists
What are the recommended hardened services settings for Windows for PCI DSS, NERC-CIP, NIST 800-53 / 800-171 or other compliance standards?
NNT Ransomware Mitigation Kit
The all new NNT Ransomware Mitigation Kit, included free with every Change Tracker Gen7 R2 deployment: Layered protection against the biggest Cybersecurity threats
Recommended Windows Audit Policy settings
Download the GPO template file for direct import and deployment via Active Directory
Windows Server 2012R2
Windows Server 2012R2NNT Microsoft Windows Server 2012R2 v2-2-0 MS Audit Only L1
NNT Microsoft Windows Server 2012R2 v2-2-0 DC Audit Only L1
Recommended Linux Audit Policy settings
Download the NNT Audit Policy Wizard file for direct execution on your host, or for mass deployment using Puppet, for example, and automatically configure an auditor-ready audit policy.
Sample PCI DSS Reports
Sample NIST 800-53 reports
Microsoft Windows Server 2019
Sample Report NNT NIST 800-53 Microsoft Windows Server 2019 Benchmark
Sample NIST 800-171 reports
Windows Server
NNT NIST 800-171 Microsoft Windows Server 2019 Benchmark
NNT NIST 800-171 Microsoft Windows Server 2016 Benchmark
NNT NIST 800-171 Microsoft Windows Server 2012-R2 Benchmark
NNT NIST 800-171 Microsoft Windows Server 2012 Benchmark
Sample DISA STIG Reports
Windows Server
2012R2
![]() |
Windows 2012 and 2012 R2 MS V2R6 Manual STIG |
![]() |
Windows 2012 R2 Member Server STIG |
![]() |
Windows 2012 and 2012 R2 MS V2R6 STIG Viewer Export |
![]() |
NNT Windows 2012R2 MS STIG |
Virtualization and Container Servers
![]() |
Docker Enterprise 2-x Linux UNIX STIG |
General Purpose Operating Systems
![]() |
General Purpose Operating System SRG |
Sample Sarbanes-Oxley SOX Reports
Sample ISO 27K Reports