CIS is Launch Partner for Amazon Web Services, Inc. (AWS) New Authority to Operate (ATO) on AWS APN Program

CIS Hardened Images, Amazon Machine Images (AMIs) Configured to CIS Benchmarks, Help Accelerate Compliance

EAST GREENBUSH, N.Y., Aug. 15, 2019 — CIS® (Center for Internet Security, Inc.) is an official launch partner in Authority to Operate (ATO) on Amazon Web Services (AWS), a new Amazon Partner Network (APN) program. AWS formally rolled out the program in June 2019 at the AWS Public Sector Summit in Washington, D.C.

ATO on AWS Simplifies Path to Compliance

The ATO on AWS program addresses the broad needs and unique compliance requirements encountered in regulated markets. The Federal Risk and Authorization Management Program (FedRAMP) and The Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) are examples of security frameworks that traditionally require complex paths to compliance.

ATO on AWS is a partner-driven process helping organizations converge common security frameworks to be secure and address compliance requirements at the same time. CIS and other partners worked with AWS to develop the AWS Security Automation and Orchestration (SAO) methodology which enables AWS customers to constrain, track, and publish continuous risk treatments (CRT). CRT is a process and technology approach using AWS services and partner solutions to detect, maintain, and in most cases correct security, compliance, and threats.

“Our partnership within the ATO on AWS will have multiple benefits for our customers, including improving cloud security and reducing time to develop a compliant environment,” said Curtis Dukes, EVP CIS Security Best Practices & Automation Group.

CIS Hardened Images and CIS Benchmarks

Using CIS Hardened Images® is an important part of ATO on AWS. CIS Hardened Images are Amazon Machine Images (AMIs) that are pre-configured to meet the security recommendations of the CIS Benchmarks, consensus-based configuration standards for technologies.

“CIS Hardened Images take the guesswork out of secure configuration,” said Troy Bertram, General Manager, Worldwide Public Sector Business Development, Amazon Web Services. “CIS Benchmarks are recognized by security frameworks like FedRAMP, the DoD SRG, and PCI-DSS; using CIS Hardened Images speeds time to compliance.”

CIS Hardened Images, as configured to the CIS Benchmarks™ can be utilized for cloud devices/systems as defined in the DoD SRG, Version 1, Release 3 which states:

“Impact Level 2: While the use of STIGs and SRGs by CSPs is preferable, industry standard baselines such as those provided by the Center for Internet Security (CIS) benchmarks are an acceptable alternative to the STIGs and SRGs.”

Learn more about CIS Hardened Images on AWS:

About CIS

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controlsand CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images® are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing & Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local, and Territorial election offices. To learn more, visit or follow us on Twitter: @CISecurity.