Skip to content

Benchmarks

The Benchmarks resource enables you to view a list of all the available Benchmarks and their information and to download Benchmark content.

What are Benchmarks?

Developed by a global community of cybersecurity professionals, CIS Benchmarks are a collection of best practices for securely configuring IT systems, software, networks, and cloud infrastructure.

Benchmarks Properties

workbenchId
integer
The unique identifier for a Benchmark per CIS WorkBench. This ID can be used to download Benchmark content.
benchmarkTitle
string
The title of the published Benchmark, e.g., 'CIS Microsoft Windows 10 Enterprise Release 2004 Benchmark'.
benchmarkVersion
string
The release version of the published Benchmark, e.g. '1.3.0'.
benchmarkStatus
Object
The current status of the Benchmark (e.g., `Approved`) and date it was applied.
workbenchStatus
Object
Whether the Benchmark is published or archived.
assessmentStatus
string
The Benchmark assessment status value.

Manual status indicates a prose-only Benchmark that does not contain Artifacts. Only intermediate formats (JSON, YAML and XCCDFPLUSAE) are available for Manual status Benchmarks.

Automated status indicates a Benchmark that contains at least one Artifact. Intermediate formats (JSON, YAML and XCCDFPLUSAE), SCAP and DATASTREAM are available for Automated status Benchmarks. In other words, the value is Automated if SCAP is an available format, otherwise the value is Manual.
availableFormats
Array of strings
A JSON array containing the available download formats, such as SCAP, YAML, JSON, XCCDFPLUSAE, and/or DATASTREAM.
profile
string
The available profile(s) for a given Benchmark.
platformId
string
The primary Common Platform Enumeration (CPE) for a given Benchmark.
assets
Array of objects
All assets relevant for a Benchmark including the assetName and assetCpe (asset specific Common Platform Enumeration (CPE)).
benchmarksUrl
string
The path to the Benchmark in CIS WorkBench.
ciscat
Object
If the Benchmark is supported for use with CIS-CAT Pro Assessor and the metadata is available, the applicable versions of CIS-CAT Pro Assessor and CIS-CAT Lite Assessor are listed here.

List Available Benchmarks 

GET /benchmarks

Fetch a list of all published Benchmarks tracked by the CIS SecureSuite Member API.

Request

N/A

Response

Returns basic information for each tracked Benchmark.

Media type: application/json

Example

Request - cURL
curl -X GET "https://workbench.cisecurity.org/api/vendor/v1/benchmarks"
Response - 200 OK
{
    "Total number of results": 310,
    "Benchmarks": [
        {
            "workbenchId": "1234",
            "benchmarkId": "xccdf_org.cisecurity.benchmarks_benchmark_1.0.0_CIS_Microsoft_Windows_Server_2012_Benchmark",
            "benchmarkTitle": "CIS Microsoft Windows Server 2012 Benchmark",
            "benchmarkVersion": "1.0.0",
            "benchmarkStatus": {
                "status": "accepted",
                "statusDate": "02/22/2013"
            },
            "workbenchStatus": {
                "status": "archived"
            },
            "assessmentStatus": "Manual",
            "availableFormats": [
                "XCCDFPLUSAE",
                "JSON",
                "YAML"
            ],
            "profile": [
                {
                    "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Domain_Controller",
                    "profileTitle": "Level 1 - Domain Controller"
                },
                {
                    "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server",
                    "profileTitle": "Level 1 - Member Server"
                }
            ],
            "platformId": "cpe:/o:microsoft:windows_server_2012",
            "assets": [
                {
                    "assetName": "Microsoft Windows Server 2012",
                    "assetCpe": "cpe:/o:microsoft:windows_server_2012",
                    "primary": "true"
                }
            ],
            "benchmarksUrl": "https://workbench.cisecurity.org/benchmarks/1234",
            "ciscat": {
                "ciscatPro": {
                    "proAssessmentStatus": "",
                    "proVersions": [

                    ]
                },
                "ciscatLite": {
                    "liteAssessmentStatus": "",
                    "liteVersions": [

                    ]
                }
            }
        },
        {
            "workbenchId": "5678",
            "benchmarkId": "xccdf_org.cisecurity.benchmarks_benchmark_1.2.1_CIS_Microsoft_Windows_Server_2019_Benchmark",
            "benchmarkTitle": "CIS Microsoft Windows Server 2019 Benchmark",
            "benchmarkVersion": "1.2.1",
            "benchmarkStatus": {
                "status": "accepted",
                "statusDate": "05/18/2021"
            },
            "workbenchStatus": {
                "status": "published"
            },
            "assessmentStatus": "Automated",
            "availableFormats": [
                "SCAP",
                "XCCDFPLUSAE",
                "JSON",
                "YAML",
                "DATASTREAM"
            ],
            "profile": [
                {
                    "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Domain_Controller",
                    "profileTitle": "Level 1 - Domain Controller"
                },
                {
                    "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server",
                    "profileTitle": "Level 1 - Member Server"
                },
                {
                    "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Domain_Controller",
                    "profileTitle": "Level 2 - Domain Controller"
                },
                {
                    "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Member_Server",
                    "profileTitle": "Level 2 - Member Server"
                }
            ],
            "platformId": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "assets": [
                {
                    "assetName": "Microsoft Windows Server 2019",
                    "assetCpe": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                    "primary": "true"
                }
            ],
            "benchmarksUrl": "https://workbench.cisecurity.org/benchmarks/5678",
            "ciscat": {
                "ciscatPro": {
                    "proAssessmentStatus": "",
                    "proVersions": [

                    ]
                },
                "ciscatLite": {
                    "liteAssessmentStatus": "",
                    "liteVersions": [

                    ]
                }
            }
        }
    ]
}

Retrieve Benchmark Information 

GET /benchmarks/{workbenchId}

View the details of a published Benchmark tracked by the CIS SecureSuite Member API.

Request

Path Parameters
workbenchId
string
The unique identifier for a Benchmark per CIS WorkBench. This ID can be used in subsequent requests to download Benchmark content.

Response

Returns basic information (e.g., ID, Title, Version, etc.) for the specified Benchmark.

Media type: application/json

Example

Request - cURL
curl -X GET "https://workbench.cisecurity.org/api/vendor/v1/benchmarks/1234"
Response - 200 OK
{
    "Benchmark": {
        "workbenchId": "1234",
        "benchmarkId": "xccdf_org.cisecurity.benchmarks_benchmark_1.0.0_CIS_Microsoft_Windows_Server_2012_Benchmark",
        "benchmarkTitle": "CIS Microsoft Windows Server 2012 Benchmark",
        "benchmarkVersion": "1.0.0",
        "benchmarkStatus": {
            "status": "accepted",
            "statusDate": "02/22/2013"
        },
        "workbenchStatus": {
            "status": "archived"
        },
        "assessmentStatus": "Manual",
        "availableFormats": [
            "XCCDFPLUSAE",
            "JSON",
            "YAML"
        ],
        "profile": [
            {
                "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Domain_Controller",
                "profileTitle": "Level 1 - Domain Controller"
            },
            {
                "profileId": "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server",
                "profileTitle": "Level 1 - Member Server"
            }
        ],
        "platformId": "cpe:/o:microsoft:windows_server_2012",
        "assets": [
            {
                "assetName": "Microsoft Windows Server 2012",
                "assetCpe": "cpe:/o:microsoft:windows_server_2012",
                "primary": "true"
            }
        ],
        "benchmarksUrl": "https://workbench.cisecurity.org/benchmarks/1234",
        "ciscat": {
            "ciscatPro": {
                "proAssessmentStatus": "",
                "proVersions": [

                ]
            },
            "ciscatLite": {
                "liteAssessmentStatus": "",
                "liteVersions": [

                ]
            }
        }
    }
}

Download Benchmarks 

GET /benchmarks/{workbenchId}/{format}

Download Benchmark content in a given serialization.

Request

Header Parameters
X-SecureSuite-Token
string
The token received from a successful license key verification, e.g., 12347b68c544113bc4notvalid358ffd4ba7f254e39c4a842cefed748
Path Parameters
workbenchId
string
The unique identifier for a specific benchmark as stored in CIS WorkBench.
format
string
The format of the content being requested: JSON, SCAP, YAML, XCCDFPLUSAE, or DATASTREAM.

Response

Returns a ZIP bundle containing the Benchmark content in the requested format.

Media type: /application/zip

Example

Request - cURL
curl -X GET ^
  -H "X-SecureSuite-Token: 15638e93802ti234" ^
  "https://workbench.cisecurity.org/api/vendor/v1/buildkit/1234"