FortiGate
mhemambika
Staff
Article Id 381539
Description: This article describes checking the CISecurity site for the CIS Benchmark for FortiGate.

Scope: Above FortiGate v7.4.x.

Solution: It is recommended to check the CISecurity site for the CIS Benchmark for Fortinet, as it includes all the necessary settings and recommendations to maintain compliance. A free account with CIS is required to access the PDFs.

In this case, it is advisable to download and review the CIS FortiGate v7.0.x Benchmark v1.2.0. This version was created for FortiOS v7.0.10, but as stated in the document's Overview on Page 6:

"This document provides prescriptive guidance for establishing a secure configuration posture for Fortinet FortiGate devices running Fortinet OS version 6.4 or above. The guide was tested against FortiOS v7.0.10."

Alternatively, the older CIS FortiGate Benchmark v1.1.0 could be used, as it was written and tested with FortiOS v6.4. However, the newer version remains valid. It is advisable to plan for an upgrade to FortiOS v7.0 or later, as FortiOS v6.4 reached End of Engineering Support on 2023-03-31 and will reach full End of Support on 2024-09-30, meaning no further support will be provided by the Fortinet development team.

As a final note, FortiOS v7.4.1 updates the Security Rating licensed service to check the FortiGate against CIS Compliance standards; see "Support CIS compliance standards within security ratings 7.4.1".