CIS Hardened Images on Amazon Web Services (AWS)

CIS Hardened Images on AWS

All of these images are available on AWS Marketplace and AWS GovCloud (US) region. Those also available on the AWS Intelligence Community are noted below, excluding containers for AWS GovCloud US region.
Debian Linux

CIS Debian Linux 10 Benchmark Launch

CIS Debian Linux 9 Benchmark Launch

Ubuntu Linux

CIS Ubuntu Linux 20.04 LTS Benchmark Launch

CIS Ubuntu 20.04 LTS Benchmark (ARM) Launch

CIS Ubuntu Linux 20.04 LTS Benchmark Container Launch

CIS Ubuntu Linux 18.04 LTS Benchmark Launch (Also AIC)

CIS Ubuntu Linux 18.04 LTS Benchmark Container Launch

Amazon Linux

Level 1 | Level 2 | STIG

CIS Amazon Linux 2 Benchmark Launch (Also AIC)

CIS Amazon Linux 2 Benchmark (ARM) Launch

CIS Amazon Linux 2 Benchmark Level 2 Launch

CIS Amazon Linux 2 STIG Benchmark Launch

CIS Amazon Linux Benchmark Launch (Also AIC)

CentOS Linux

CIS CentOS Linux 8 Benchmark Launch

CIS CentOS Linux 8 Benchmark Container Launch

CIS CentOS Linux 7 Benchmark Launch (Also AIC)

CIS CentOS Linux 7 Benchmark Container Launch

Oracle Linux

CIS Oracle Linux 8 Benchmark Launch

CIS Oracle Linux 7 Benchmark Launch (Also AIC)

CIS Oracle Linux 7 Benchmark Launch

Red Hat Enterprise Linux

Level 1 | Level 2 | STIG

CIS Red Hat Enterprise Linux 8 Benchmark Launch (Also AIC)

CIS Red Hat Enterprise Linux 8 Benchmark Level 2 Launch (Also AIC)

CIS Red Hat Enterprise Linux 7 STIG Benchmark Launch

CIS Red Hat Enterprise Linux 7 Benchmark Launch (Also AIC)

CIS Red Hat Enterprise Linux 7 Benchmark Level 2 Launch (Also AIC)

SUSE Linux Enterprise Server

CIS SUSE Linux Enterprise Server 15 Benchmark Launch

CIS SUSE Linux Enterprise 12 Benchmark Launch

CIS SUSE Linux Enterprise Server 12 Benchmark Launch

NGINX

CIS NGINX on Centos Linux 7 Benchmark Webserver Launch

CIS NGINX on Ubuntu Linux 18.04 LTS Benchmark Container Launch

PostgreSQL

CIS PostgreSQL 11 on CentOS Linux 7 Benchmark Launch (Also AIC)

CIS PostgreSQL 10 on Ubuntu Linux 18.04 LTS Benchmark Container Launch (Also AIC)

Microsoft Windows Server

Level 1 | Level 2 | STIG

CIS Microsoft Windows Server 2019 Benchmark Launch (Also AIC)

CIS Microsoft Windows Server 2019 Benchmark Level 2 Launch (Also AIC)

CIS Microsoft Windows Server 2019 STIG Benchmark Launch (Also AIC)

CIS Microsoft Windows Server 2016 STIG Benchmark Launch (Also AIC)

CIS Microsoft Windows Server 2016 Benchmark Launch (Also AIC)

CIS Microsoft Windows Server 2016 Benchmark Level 2 Launch (Also AIC)

CIS Microsoft Windows Server 2012 Benchmark Launch (Also AIC)

CIS Microsoft Windows Server 2012 Benchmark Level 2 Launch (Also AIC)

CIS Microsoft Windows Server 2012 R2 Benchmark Launch (Also AIC)

CIS Microsoft Windows Server 2012 R2 Benchmark Level 2 Launch (Also AIC)

CIS and AWS Work Together

CIS AWS Foundations Benchmark

AWS joined the CIS community consensus process that created the CIS AWS Foundations Benchmark. The purpose of this CIS Benchmark is to provide prescriptive guidance for your AWS account. It provides configuration recommendations for identity and access management, monitoring and logging, and networking.

Meet your Shared Responsibility on AWS with CIS

Depending on what your organization’s cloud infrastructure looks like, the responsibility of security actions varies between the cloud user and Amazon Web Services. Simply put, the AWS Shared Responsibility Model outlines what security actions an organization is responsible for and what security actions AWS manages. CIS offers globally-recognized cybersecurity resources, including the CIS Hardened Images, that can help cloud consumers meet the expectations of the shared responsibility model. Learn more in our guide, Cloud Security and the AWS Shared Responsibility Model with CIS .

Security Automation & Orchestration (SAO)

CIS Benchmarks and CIS Hardened Images are part of the AWS SAO methodology. AWS SAO enables AWS customers to constrain, track, and publish continuous risk treatments, configurations, and assimilate DevOps routines into a “Type Accredited” secure AWS architecture. This architecture is configured to converge common security frameworks (e.g. FedRAMP, DoD CC SRG, PCI-DSS, IRS 1075, etc.) through the use of security as code practices. Learn More
CIS Hardened Images  

Request more information

AWS Resources

CIS Cloud Services Guide

Some public cloud services require extensive guidance, like Kubernetes. Access free guidelines for EKS.

Download the CIS EKS Benchmark
CIS Product Benchmarks

Using other AWS cloud services? CIS provides free guidance for services grouped by cloud product. Access the first release of CIS Cloud Product Benchmarks.

Download CIS AWS End User Compute Services Benchmark
What People are Saying:

"Based on the value, time and costs saving, I would not consider spinning up a AWS server without adding the CIS security to it for any production-level instance."

- V.P. Application Lifecycle Management CorTechs, Inc.

Partner with CIS to Resell CIS Hardened Images on AWS

CIS Hardened Images are available for SPPO and CPPO Cloud Reseller Partners in AWS Marketplace. Request information and connect with our Cloud Channel Team.