Skip to main content

Mondoo 8.18 is out!

ยท 3 min read
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 8.18 is out! This release includes new organization wide API keys, updated CIS benchmark policies, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐ŸŽ‰ NEW FEATURESโ€‹

Organization-wide API keysโ€‹

Take your API game from spaces all the way to your organization with new organization-wide API token generation. These tokens have access to the organization and each space within your organization. Automate away!

API Token Generation

๐Ÿงน IMPROVEMENTSโ€‹

Updated CIS benchmark policiesโ€‹

There's nothing better than the most up-to-date security recommendations and this week we're shipping the latest and greatest for MS 365, GKE, and Kubernetes.

Microsoft 365 Foundations Benchmark 2.0โ€‹

This truly massive update includes 14 new controls and 36 updated controls with improved descriptions and remediation steps. We especially like the new MFA checks that are a must-have for any Microsoft 365 admin.

New controls:

  • Access reviews for high privileged Azure AD roles
  • Ensure two Emergency Access accounts have been defined
  • SharePoint and OneDrive integration with Azure AD B2B
  • Access reviews for Guests E5
  • Microsoft 365 on the web restrictions
  • Restrict non-admin users from creating tenants
  • Ensure custom banned passwords lists are used
  • Idle session timeout
  • Ensure 'Phishing-resistant MFA strength' is required for Administrators
  • Microsoft Authenticator is configured to protect against MFA fatigue
  • Microsoft Azure Management restrictions
  • Restrict access to the Azure AD administration portal' is set to 'Yes'
  • Strict protection preset for Priority accounts
  • New recommendation for users tagged as priority accounts

Google Kubernetes Engine Benchmark 1.4.0โ€‹

The new CIS GKE Benchmark is updated for Kubernetes 1.25 and the latest features in GKE. Say goodbye to legacy Pod Security Policies checks and say hello to a whole new set of controls for Pod Security Standards.

New and updated vanilla Kubernetes CIS Benchmarksโ€‹

CIS released several Kubernetes benchmarks for vanilla Kubernetes installations, including multiple benchmarks for specific Kubernetes releases and an unversioned benchmark targeting the latest Kubernetes release. Mondoo now includes an updated CIS Kubernetes Benchmark targeting Kubernetes 1.25. If you're running Kubernetes 1.24 and want a version-specific benchmark, apply the new CIS Kubernetes V1.24 Benchmark.

  • CIS Kubernetes V1.24 Benchmark - Level 1 - Worker Node
  • CIS Kubernetes V1.24 Benchmark - Level 2 - Worker Node
  • CIS Kubernetes V1.24 Benchmark - Level 1 - Master Node
  • CIS Kubernetes V1.24 Benchmark - Level 2 - Master Node

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix detection of services on Raspbian Linux.
  • Fix failures running the Windows CIS policies.
  • Rework all Kubernetes queries in policies for improved reliability.
  • Properly render properties in the Open Registry.
  • Fix policies in the Open Security Registry showing invalid properties.