Mondoo 8.14 is out!
Announcing the 8.14 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.
๐ฅณ Mondoo 8.14 is out! This release includes support for the Okta Terraform provider, CIS 2.0 Benchmarks for Windows, Debian 12 support, and more!
Get this release: Installation Docs | Package Downloads | Docker Container
๐ NEW FEATURES
Okta security policy in Terraform
In addition to our existing support for scanning Okta organizations, Mondoo now provides Okta security guidance for users of the Okta Terraform provider from the HashiCorp Terraform Registry.
Mondoo now provides Okta HealthInsight recommendations at all stages of the Terraform lifecycle:
- Terraform HCL
- Terraform Plan
- Terraform State
- Okta API / Runtime
Get started with the latest version of the Mondoo Okta Organization Security policy.
๐งน IMPROVEMENTS
Debian 12 support
In line with the June 10th release of Debian 12 "Bookworm," Mondoo now fully supports Debian 12 operating systems. Mondoo automatically tracks and reports on security advisories for Debian 12 and all official packages, and will report on EOL dates for this release.
Windows CIS Benchmark Policies updated to version 2.0
Mondoo now supports version 2.0 of the CIS Benchmark for Windows. The CIS benchmarks are prescriptive configuration recommendations for IT systems from the Center for Internet Security (CIS). They are developed through a consensus-based process involving global cybersecurity experts, and evolve over time to meet new threats.
The latest Windows CIS Benchmark policies include new security checks as well as improved audit & remediation documentation.
Windows 10
CIS Microsoft Windows 10 Enterprise Benchmark - Level 1 (L1) - Corporate/Enterprise Environment (general use) CIS Microsoft Windows 10 Enterprise Benchmark - Level 1 (L1) + BitLocker (BL) CIS Microsoft Windows 10 Enterprise Benchmark - Next Generation Windows Security (NG) - optional add-on for use in the newest hardware and configuration environments CIS Microsoft Windows 10 Enterprise Benchmark - Level 2 (L2) + BitLocker (BL) CIS Microsoft Windows 10 Enterprise Benchmark - Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)
Windows 11
CIS Microsoft Windows 11 Enterprise Benchmark - Level 1 (L1) - Corporate/Enterprise Environment (general use) CIS Microsoft Windows 11 Enterprise Benchmark - Level 1 (L1) + BitLocker (BL) CIS Microsoft Windows 11 Enterprise Benchmark - Level 2 (L2) + BitLocker (BL) CIS Microsoft Windows 11 Enterprise Benchmark - Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality) CIS Microsoft Windows 11 Enterprise Benchmark - Next Generation Windows Security (NG) - optional add-on for use in the newest hardware and configuration environments
Windows 2016
CIS Microsoft Windows Server 2016 Benchmark - Level 1 - Member Server CIS Microsoft Windows Server 2016 Benchmark - Level 2 - Member Server CIS Microsoft Windows Server 2016 Benchmark - Next Generation Windows Security - Member Server CIS Microsoft Windows Server 2016 Benchmark - Level 1 - Domain Controller CIS Microsoft Windows Server 2016 Benchmark - Level 2 - Domain Controller CIS Microsoft Windows Server 2016 Benchmark - Next Generation Windows Security - Domain Controller
Windows 2019
CIS Microsoft Windows Server 2019 Benchmark - Level 1 - Member Server CIS Microsoft Windows Server 2019 Benchmark - Level 2 - Member Server CIS Microsoft Windows Server 2019 Benchmark - Next Generation Windows Security - Member Server CIS Microsoft Windows Server 2019 Benchmark - Level 1 - Domain Controller CIS Microsoft Windows Server 2019 Benchmark - Level 2 - Domain Controller CIS Microsoft Windows Server 2019 Benchmark - Next Generation Windows Security - Domain Controller
Windows 2022
CIS Microsoft Windows Server 2022 Benchmark - Level 1 - Member Server CIS Microsoft Windows Server 2022 Benchmark - Level 2 - Member Server CIS Microsoft Windows Server 2022 Benchmark - Next Generation Windows Security - Member Server CIS Microsoft Windows Server 2022 Benchmark - Level 1 - Domain Controller CIS Microsoft Windows Server 2022 Benchmark - Level 2 - Domain Controller CIS Microsoft Windows Server 2022 Benchmark - Next Generation Windows Security - Domain Controller
๐ BUG FIXES AND UPDATES
- Don't show unnecessary output columns when running
cnspec bundle lint. - Update the Linux Security policy by Mondoo to suggest masking some services to prevent starts.
- Fix error messages when running
.none()MQL queries. - Fix duplicate labels in the Kubernetes operator Helm chart that prevented installation.
- Fix the
.where()and.contains()MQL helpers to properly handle comparisons of variables. - Add missing KMS controls to the Google GKE CIS Benchmarks.
- Improve checks in the Terraform HCL Security Static Analysis for AWS/GCP policies to work with multiple providers with the same name.
Mondoo 8.15 is out!
Announcing the 8.15 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.
Mondoo 8.13 is out!
Announcing the 8.13 release of Mondoo, the security and compliance platform that prioritizes risks that matter most in your infrastructure.