Advancing Cloud Security with CIS on AWS

Increased demand for remote work capabilities continues throughout 2020. Customer security in the cloud remains an important part of that growth. The Center for Internet Security (CIS), in conjunction with Amazon Web Services (AWS), has worked to enhance security in the already secure AWS Cloud since 2015.

The AWS Shared Responsibility Model makes it easy to understand the role cloud consumers play in protecting their unique AWS environments. CIS security best practices can help organizations achieve cloud security from the customer’s side of the responsibility model.

AWS is an active participant, along with other volunteer members of the CIS Communities, that develop guidance for configuring account-level settings in the AWS environment and related services to add enhanced security to the AWS Cloud. In addition, CIS offers securely configured Amazon Machine Images (CIS Hardened Images) on AWS Marketplace. As part of its participation in the AWS Partner Network (APN), CIS has achieved Advanced Tier partner status.

Consensus-based Cloud Security Guidance

CIS provides resources to help organizations meet their responsibilities of the shared responsibility model for cloud security on AWS. Best practice configuration guides include the CIS AWS Foundations Benchmark, CIS Amazon Linux 2 Benchmark, and service-based guidance like the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark. These configuration guides contain prescriptive guidance to secure configurations for a subset of AWS services and account-level settings. There is an emphasis on foundational, testable, and architecture agnostic settings.

To develop these and other CIS Benchmarks, the participation of subject matter experts and technology vendors is essential. One of those contributing technology vendors is AWS. The insight they provide for the CIS Amazon Web Services Foundations Benchmark is invaluable to its success. As with any CIS Benchmark, the community for that technology comes to consensus on what to include.

New versions of CIS Benchmarks for AWS are now available and the updated information include:

• Changed multiple recommendations referring to password complexity and expiration, as well as access key rotation to align with current NIST (and CIS) guidance.
• Reordered Identity and Access Management (IAM) section to align with the AWS Console interface, making it easier for users to audit and implement recommendations.
• Added recommendations to ensure that Data-in-Transit and Data-at-Rest encryption are used to protect private and sensitive information.

Download CIS AWS Foundations Benchmark

Secure Amazon Machine Images on AWS Marketplace

While the foundations and service-based CIS Benchmarks help configure the cloud environment securely, CIS Hardened Images provide secure operating systems. CIS Hardened Images are built on base operating systems (OS). CIS pre-configures the security recommendations of the CIS Benchmarks into the OS. Popular examples include Microsoft Windows Server and Red Hat Enterprise Linux. A variety of industries use CIS Hardened Images due to the ease of secure configuration and the relative low cost to achieve that security.

CIS Hardened Images have been available on AWS Marketplace since 2015. CIS Hardened Images are available in all AWS Regions including the AWS GovCloud (US) Region.

CIS works with AWS Marketplace as well as the AWS Worldwide Public Sector. In 2019, CIS became an Authority to Operate (ATO) on AWS launch partner. ATO on AWS consists of varying resources that help expedite the authorization process for common compliance frameworks. APN partners in this program have access to both technical Security Automation and Orchestration (SAO) capabilities as well as direct engagement with highly qualified AWS compliance specialists. This accreditation validates the support that CIS provides to organizations to help them meet common compliance frameworks.

Building Trust: APN Advanced Tier Partner

In August 2020, CIS reached the Advanced Tier of the AWS Partner Network (APN), AWS’s global partner program for technology and consulting businesses who leverage AWS to build solutions and services for customers. Advanced is the highest partner tier a technology vendor can attain with AWS.As part of this effort, CIS staff obtained more than 18 AWS certifications and accreditations including: Certifications – Professional/Specialty, Associate, and Foundational Accreditations – AWS Business Professional and AWS Technical Professional CIS is proud to be an APN Partner with AWS to provide consensus-based globally-recognized cloud security resources, including the CIS Hardened Images.