Benchmark V4.0.0 CIS - Release 4.1.0

What's Changed

Release 4.1.0

April 2026

• Updated the cloud based system check for manual overrides. New variable now in the defualt main. Please read the comments for the new variable.
• Updated 18.10.57.3.10.1 variable accept anything between 1 and 900000 in Hardening & GPO.
• Updated Section 2 GPO for win_skip_for_test controls. Read comments in default/main.
• Issues Addressed:
  • #2 - Thanks @davidstanaway
  • #7 - Thanks @R2J2 (Updated When Statement to take into account Bool now)
  • #86 - Thanks @git-cgallagher (Windows 2022 Issue Added Here To Update 2025)
  • #84 - Thanks @Randriy-bulynko (Windows 2022 Issue Added Here To Update 2025)
  • #87 - Thanks @Randriy-bulynko (Windows 2022 Issue Added Here To Update 2025)
  • #83 - Thanks @exu-g (Windows 2022 Issue Added Here To Update 2025)
• PR's Addressed:
  • #3 - Thanks @MatthieuLeboeuf

September 2025

• Updated When For Control 18.4.6
• Updated Title 2.3.10.10
• Updated 2.3.6.5 Task
• PR's Addressed:
  • #79 - Thanks @ShawnHardwick

Release 4.0.0

June 2025

• This Release is based on CIS Benchmark v4.0.0
• Internal 90 Auto Promotion Workflows Added
• Fixed Tags from _ to . in he control numbers to align with other controls.
• Issues Addressed:
  • Fixed GPO 18.9.26.2 to enter the correct registry entry.
• CIS Control Changes Summary (v4.0.0 vs v3.0.0) - Please review them in the CIS documentation and adjust your playbooks.
  • Removed
    • 2.3.1.1: Accounts: Block Microsoft accounts removed; all controls in the section shifted up
    • 18.4.2: Removed; all subsequent controls moved up
    • 18.10.15.8: Removed in v4.0.0
    • 18.10.42.17: Removed in v4.0.0
  • Added
    • 2.3.11.8: Network security: LDAP client encryption requirements
    • 2.3.11.14: New control
    • 2.3.17.2: Valid variable checking
    • 18.4.6: Valid variable checking
    • 18.6.4.4: IPV6 DNS Servers
    • 18.6.7.1: Lanman Server SMB
    • 18.6.8.2: Lanman Workstation Encryption
    • 18.10.18.4: Malware Scan Override
    • 18.10.18.6: MSS Certificate Validation Bypass
    • 18.10.18.7: Windows Package Manager command line
    • 18.10.29.2: Mark of the Web tag
    • 18.10.43.4.1: Enable EDR in block mode
    • 18.10.43.8.1: Convert warn verdict
    • 18.10.43.10.1: Configure real-time protection during OOBE
    • 18.10.43.11.1.1.1: Configure Brute-Force Protection aggressiveness
    • 18.10.43.11.1.1.2: Configure Remote Encryption Protection Mode
    • 18.10.43.11.1.2.1: Remote Encryption Protection blocks threats
    • 18.10.43.13.1: Scan excluded files and directories
    • 18.10.43.13.4: Trigger a quick scan after X days
    • 18.10.43.17: Control whether exclusions are visible to local users
    • 18.10.58.2: Enable Basic feed authentication over HTTP
  • Updated
    • 2.2.38: Title updated in Remediate and GPO
    • 18.6.4.1: Replaced in v4.0.0
    • 18.7.2, 18.7.3, 18.7.5: Title updates
    • 18.9.13.1, 18.9.19.2: Title updates
    • 18.10.18.1: Level changed to Level 2
    • 18.10.28.2 → 18.10.29.3: Moved due to new 18.10.29.2
    • 18.10.42.6.1: Removed One of the ASR's
  • Renumbered / Moved
    • 18.10.5.1 → 18.10.6.1
    • 18.10.7.1–3 → 18.10.8.1–3
    • 18.10.8.1.1 → 18.10.9.1.1
    • 18.10.10.1 → 18.10.11.1
    • 18.10.12.1–3 → 18.10.13.1–3
    • 18.10.13.1 → 18.10.14.1
    • 18.10.14.1–2 → 18.10.15.1–2
    • 18.10.15.1–7 → 18.10.16.1–7
    • 18.10.17.x → 18.10.18.x
    • 18.10.25.x.x → 18.10.26.x.x
    • 18.10.36.x → 18.10.37.x
    • 18.10.40.x → 18.10.41.x
    • 18.10.41.x → 18.10.42.x
    • 18.10.42.5.x → 18.10.43.5.x
    • 18.10.42.x.x.x → 18.10.43.x.x.x
    • 18.10.50.x → 18.10.51.x
    • 18.10.55.x → 18.10.56.x
    • 18.10.56.x → 18.10.57.x
    • 18.10.57.x → 18.10.58.x
    • 18.10.58.x → 18.10.59.x
    • 18.10.62.x → 18.10.63.x
    • 18.10.75.x.x → 18.10.76.x.x
    • 18.10.79.x → 18.10.80.x
    • 18.10.80.x → 18.10.81.x
    • 18.10.86.x → 18.10.87.x
    • 18.10.88.x.x → 18.10.89.x.x
    • 18.10.89.x → 18.10.90.x
    • 18.10.91.x.x → 18.10.92.x.x
    • 18.10.92.x.x → 18.10.93.x.x
  • Structural Changes
    • Section 17: Credential Validation auditing now uses the GUID {0CCE923F-69AE-11D9-BED3-505054503030}
      • This makes auditing language-agnostic and more consistent across regional builds.

• 2023 October Updates based on CIS Benchmark v2.0.0 + Typo Fixes by @frederickw082922 in #23
• Workflow Update by @frederickw082922 in #25
• CIS V3.0.0 Release by @MrSteve81 in #57
• Workflow Triggering by @MrSteve81 in #59
• Workflow, Badges, Readme, Controls, And And Changelog by @MrSteve81 in #68
• Final Move Of v3.0.0 To Main by @MrSteve81 in #76
• CIS Benchmark v4.0.0 Release by @MrSteve81 in #77
• Update Workflows - No trigger In Public by @MrSteve81 in #78
• Updates To 18.4.6 anad 2.3.10.10 by @MrSteve81 in #80
• Benchmark v4.0.0 by @MrSteve81 in #88
• Windows 2022 Major CIS V4 Updates by @MrSteve81 in #89
• Workflow triggers by @MrSteve81 in #90
• Workflow Trigger by @MrSteve81 in #91

Full Changelog: 3.0.5...4.1.0