As we all know, enterprises are under attack from hackers. Administrators have to deploy operating systems in configurations that minimize attack vectors and apply security patches to maintain the latest code. It is a common best practice to take inventory of operating systems in order to see the status of support from Microsoft.
Software is not supported forever, and it is prudent to migrate off a Windows Server version well before it goes End of Life/Support. Enterprises should minimize disruptions, whether by applying patches or migrating to a new version of Windows Server. Patches also fix identified bugs in the previous version and improve stability and performance. All of these reasons lead to one common thread: System Administrators need to keep software up to date to ensure the security and data integrity of their deployments. The first step a customer should take is to audit their deployments and plan to migrate off software that will soon be obsolete and unsupported. We urge customers with self-managed environments to perform these audits on a consistent basis so they have sufficient time remaining in the software lifecycle to create stable and secure deployments. If your software, like Windows Server 2012/2012 R2, is currently supported but going End of Support in October of 2023, performing the migration assessment as soon as possible to ensure a smooth transition is in your best interest in securing your valuable corporate resources.
This CIS Benchmark is the product of a community consensus process and consists of secure configuration guidelines developed for Microsoft Windows Server.
CIS Benchmarks are freely available in PDF format for non-commercial use:
Included in this Benchmark
Free Download
CIS Benchmark
Safeguard IT systems against cyber threats with these CIS Benchmarks. Click to download a PDF from the list of available versions.
Recent versions available for CIS Benchmark:
Microsoft Windows Server 2012 R2 (1.0.0)
Azure Compute Microsoft Windows Server 2022 (1.0.0)
Azure Compute Microsoft Windows Server 2019 (1.0.0)
Microsoft Windows Server 2022 (2.0.0)
Microsoft Windows Server 2019 (2.0.0)
Microsoft Windows Server 2019 STIG (1.1.0)
Microsoft Windows Server 2016 (2.0.0)
Microsoft Windows Server 2016 RTM (Release 1607) (1.3.0)
Microsoft Windows Server 2016 STIG (1.2.0)
Microsoft Windows Server 2012 (1.0.0)
Microsoft Windows Server 2012 (non-R2) (2.4.0)
Microsoft Windows Server 2012 R2 (2.6.0)
Microsoft Windows Server 2008 (2.0.0)
Microsoft Windows Server 2008 (2.1.0)
Microsoft Windows Server 2008 (non-R2) (3.3.0)
Microsoft Windows Server 2008 R2 (2.0.0)
Microsoft Windows Server 2008 R2 (3.3.0)
Microsoft Windows Server 2003 (3.0.0)
Microsoft Windows Server 2003 (3.1.0)
CIS Securesuite Members Only
Recent versions available for CIS-CAT Pro:
Microsoft Windows Server 2022 (2.0.0)
Microsoft Windows Server 2019 (2.0.0)
Microsoft Windows Server 2019 STIG (1.1.0)
Microsoft Windows Server 2016 (2.0.0)
Microsoft Windows Server 2016 RTM (Release 1607) (1.2.0)
Microsoft Windows Server 2016 STIG (1.2.0)
Microsoft Windows Server 2012 (non-R2) (2.4.0)
Microsoft Windows Server 2012 R2 (2.6.0)
Microsoft Windows Server 2008 (non-R2) (3.1.0)
Microsoft Windows Server 2008 R2 (3.3.0)
Microsoft Windows Server 2003 (3.1.0)
CIS Securesuite Members Only
Build Kits
Automate your hardening efforts for Microsoft Windows Server using Group Policy Objects (GPOs) for Microsoft Windows and Bash shell scripts for Unix and Linux environments.
Recent versions available for CIS Build Kits:
Azure Compute Microsoft Windows Server 2022 (1.0.0)
Azure Compute Microsoft Windows Server 2019 (1.0.0)
Microsoft Windows Server 2022 (1.0.0)
Microsoft Windows Server 2019 (2.0.0)
Microsoft Windows Server 2019 STIG (1.1.0)
Microsoft Windows Server 2016 (2.0.0)
Microsoft Windows Server 2016 RTM (Release 1607) (1.3.0)
Microsoft Windows Server 2016 STIG (1.2.0)
Microsoft Windows Server 2012 (1.0.0)
Microsoft Windows Server 2012 (non-R2) (2.4.0)
Microsoft Windows Server 2012 R2 (2.6.0)
Microsoft Windows Server 2008 (non-R2) (3.3.0)
Microsoft Windows Server 2008 R2 (2.0.0)
Microsoft Windows Server 2008 R2 (3.3.0)
Available on all major cloud service provider marketplaces
CIS Hardened Images
Virtual machine (VM) images that are pre-configured to meet the robust security recommendations of the associated CIS Microsoft Windows Server Benchmark.
Recent versions available for CIS Hardened Images:
Microsoft Windows Server 2022 (1.0.0)
Microsoft Windows Server 2019 (1.3.0)
Microsoft Windows Server 2019 STIG (1.1.0)
Microsoft Windows Server 2016 (1.4.0)
Microsoft Windows Server 2016 STIG (1.2.0)
Microsoft Windows Server 2012 (non-R2) (2.4.0)
Microsoft Windows Server 2012 R2 (2.6.0)
Looking for an older version?
Older versions of the CIS Benchmarks that are no longer supported by CIS and the CIS Benchmarks Community are not listed above. Access a list of archived CIS Benchmarks in Workbench.
Explore CIS Benchmarks Resources
CIS Benchmarks Community
Collaborate with SMEs, implementers, and other cybersecurity practitioners from around the world to help secure Microsoft Windows Server.
Effective Implementation of the CIS Benchmarks
Learn how CIS SecureSuite tools and resources help automate the assessment and implementation of CIS Benchmarks to meet security best practices.