diff --git a/ee/cis/macos-14/README.md b/ee/cis/macos-14/README.md
index a83cd38d4a..0d42e27f6b 100644
--- a/ee/cis/macos-14/README.md
+++ b/ee/cis/macos-14/README.md
@@ -1,6 +1,6 @@
-# macOS 14.0 Sonoma benchmark
+# macOS 14 Sonoma benchmark
 
-Fleet's policies have been written against v1.0 of the benchmark. You can refer to the [CIS website](https://www.cisecurity.org/cis-benchmarks) for full details about this version.
+Fleet's policies have been written against v1.1.0 of the benchmark. You can refer to the [CIS website](https://www.cisecurity.org/cis-benchmarks) for full details about this version.
 
 For requirements and usage details, see the [CIS Benchmarks](https://fleetdm.com/docs/using-fleet/cis-benchmarks) documentation.
 
diff --git a/ee/cis/macos-14/cis-policy-queries.yml b/ee/cis/macos-14/cis-policy-queries.yml
index d277be53fd..250f3acdba 100644
--- a/ee/cis/macos-14/cis-policy-queries.yml
+++ b/ee/cis/macos-14/cis-policy-queries.yml
@@ -1,5 +1,5 @@
 ---
-# The latest version of CIS Benchmarks for macOS as of January 2024 for macOS 14.
+# The latest version of CIS Benchmarks for macOS as of August 2024 for macOS 14.
 apiVersion: v1
 kind: policy
 spec:
@@ -518,17 +518,19 @@ spec:
 apiVersion: v1
 kind: policy
 spec:
-  name: CIS - Ensure Time Is Set Within Appropriate Limits (Fleetd Required)
+  name: CIS - Ensure the Time Service Is Enabled
   platforms: macOS
   platform: darwin
   description: |
-    Correct date and time settings are required for authentication protocols, file creation, modification dates and log entries.
-    The time offset compared to time.apple.com must be between -270.x and 270.x seconds.
-  resolution: Make sure the device can connect to time.apple.com to synchronize time.
-  query: SELECT * FROM sntp_request WHERE server = 'time.apple.com' AND clock_offset_ms <= 270000 AND clock_offset_ms >= -270000;
+    In macOS 10.14, Apple replace ntp with timed for time services, and is used to ensure correct time is kept. Correct date and time settings are required for authentication protocols, file creation, modification dates and log entries. 
+  resolution: |
+        Ask your system administrator to deploy a script that will configure:
+        /usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.timed.plist
+  query: |
+    SELECT 1 WHERE  EXISTS(SELECT * FROM processes WHERE path = '/usr/libexec/timed');
   purpose: Informational
   tags: compliance, CIS, CIS_Level1
-  contributors: lucasmrod 
+  contributors: defensivedepth
 ---
 apiVersion: v1
 kind: policy
@@ -1366,10 +1368,10 @@ spec:
 apiVersion: v1
 kind: policy
 spec:
-  name: CIS - Ensure Location Services Is in the Menu Bar
+  name: CIS - Ensure 'Show Location Icon in Control Center when System Services Request Your Location' Is Enabled
   platforms: macOS
   platform: darwin
-  description: Checks that Location Services option is presented in the Menu Bar.
+  description: This setting provides the user an understanding of the current status of Location Services and which applications are using it.
   resolution: |
     Automated method:
     Ask your system administrator to deploy an MDM profile that enables the "location services" icon in menu bar when System Services request your location.
@@ -1713,15 +1715,16 @@ spec:
     that can be attempted against the RAM that has the encryption keys or the running operating system protected
     by a login screen.
 
-    Mac systems should be set to hibernate after sleeping for a risk-acceptable time period.
     MacBooks should be set so that the `standbydelay` is 15 minutes (900 seconds) or less.
+    Mac systems should be set to hibernate after sleeping for a risk-acceptable time period.
+    Organizations may still decide to use hibernate after sleeping if there is a security need 
+    (ex. international travel), but it can cause kernel panics in Apple Silicon Macs.
   resolution: |
     Ask your system administrator to deploy the following script to Macbook devices:
     if [[ $(uname -m) == 'arm64' ]]; then
             # Apple silicon
             /usr/bin/sudo /usr/bin/pmset -a standby 900
             /usr/bin/sudo /usr/bin/pmset -a destroyfvkeyonstandby 1
-            /usr/bin/sudo /usr/bin/pmset -a hibernatemode 25
     else
             # Intel
             /usr/bin/sudo /usr/bin/pmset -a standbydelaylow 900
@@ -1762,12 +1765,11 @@ spec:
             SELECT 1 FROM system_info WHERE cpu_type = 'arm64e'
           ) AND EXISTS (
             SELECT
-                CAST(JSON_EXTRACT(battery, '$.standby') AS INTEGER) AS standby,
-                CAST(JSON_EXTRACT(battery, '$.hibernatemode') AS INTEGER) AS hibernatemode
+                CAST(JSON_EXTRACT(battery, '$.standby') AS INTEGER) AS standby
             FROM (
                 SELECT JSON_EXTRACT(json_result, '$.Battery Power:') AS battery FROM pmset WHERE getting = 'custom'
             )
-            WHERE standby <= 900 AND hibernatemode = 25
+            WHERE standby <= 900
           )
         )
     );
@@ -2213,11 +2215,12 @@ spec:
   platforms: macOS
   platform: darwin
   description: |
-    macOS's audit facility, auditd, receives notifications from the kernel when certain system calls, such as open, fork, and exit, are made. These notifications are captured and written to an audit log.
+    macOS's audit facility, auditd, receives notifications from the kernel when certain system calls, such as open, fork, and exit, are made. These notifications are captured and written to an audit log. Apple has deprecated auditd as of macOS 11.0 Big Sur. In macOS 14.0 Sonoma it is no longer enabled by default..
   resolution: |
     Automated method:
-    Ask your system administrator to deploy the following script which will enable security auditing:
+    Ask your system administrator to deploy the following script which will enable security auditing and create the audit_control file::
     /usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist
+    /usr/bin/sudo /bin/cp /etc/security/audit_control.example /etc/security/audit_control
   query: | 
     SELECT 1 WHERE EXISTS (
       SELECT
@@ -2664,14 +2667,11 @@ spec:
   platforms: macOS
   platform: darwin
   description: |
-    Software sometimes insists on being installed in the /System/Volumes/Data/System Directory and has inappropriate world-writable permissions.
-    Macs with writable files in System should be investigated forensically. A file with open writable permissions is a sign of at best a rogue application.
-    It could also be a sign of a computer compromise and a persistent presence on the system.
-    The audit check excludes the "Drop Box" folder that is part of Apple's default user template.
+    Software sometimes insists on being installed in the /System/Volumes/Data/System Directory and has inappropriate world-writable permissions. Macs with writable files in System should be investigated forensically. A file with open writable permissions is a sign of at best a rogue application. It could also be a sign of a computer compromise and a persistent presence on the system.
   resolution: |
     Ask your system administrator to deploy a script that will ensure folders are not world-writable in the /System folder. 
     /usr/bin/sudo IFS=$'\n'
-    for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "Drop Box" ); 
+    for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -vE "Drop Box|locks" ); 
     do
       /bin/chmod -R o-w "$sysPermissions"
     done
@@ -3035,13 +3035,13 @@ spec:
   resolution: |
     Automated method:
     Ask your system administrator to deploy a script that runs the following:
-      /usr/bin/sudo /usr/bin/security authorizationdb write system.login.screensaver use-login-window-ui
+      /usr/bin/sudo /usr/bin/security authorizationdb write system.login.screensaver authenticate-session-owner
   query: |
     SELECT 1 WHERE EXISTS (
       SELECT JSON_EXTRACT(json_result, '$.rule') AS rule
       FROM authdb
       WHERE right_name = 'system.login.screensaver' AND 
-      rule LIKE '%use-login-window-ui%'
+      rule LIKE '%authenticate-session-owner%'
     );
   purpose: Informational
   tags: compliance, CIS, CIS_Level1
@@ -3448,6 +3448,39 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+  name: CIS - Ensure Show Status Bar Is Enabled (MDM Required)
+  platforms: macOS
+  platform: darwin
+  description: |
+    The Status Bar in Safari shows the full URL of any link on hover. It protects the user from visiting sites where the domain has been obfuscated by allowing the user to review whether the link points to an unexpected location.
+  resolution: |
+    Automated method:
+    Profile Method:
+    Create or edit a configuration profile with the following information:
+      1. The PayloadType string is com.apple.Safari
+      2. The key to include is ShowOverlayStatusBar 
+      3. The key must be set to: <true/>
+  query: |
+    SELECT 1 WHERE 
+      EXISTS (
+        SELECT 1 FROM managed_policies WHERE 
+            domain='com.apple.Safari' AND 
+            name='ShowOverlayStatusBar' AND 
+            (value = 1 OR value = 'true')
+        )
+      AND NOT EXISTS (
+        SELECT 1 FROM managed_policies WHERE 
+            domain='com.apple.Safari' AND 
+            name='ShowOverlayStatusBar' AND 
+            (value != 1 AND value != 'true')
+        );  
+  purpose: Informational
+  tags: compliance, CIS, CIS_Level1
+  contributors: defensivedepth
+---
+apiVersion: v1
+kind: policy
 spec:
   name: CIS - Ensure Secure Keyboard Entry Terminal.app Is Enabled (MDM Required)
   platforms: macOS