Developing New Cloud Security Guidelines for Debian Linux 8 & 9

Whether your organization operates on-prem or in the cloud, cybersecurity should be your top priority. Easier said than done, right? Operating systems are configured for convenience over security, and don’t ship securely. Staying secure means meeting extensive compliance requirements, protecting data from looming cyber-attacks, 24/7 patch management, and so much more.

Thankfully, you don’t have to go at it alone. At CIS, we lead the creation of consensus-developed best practices for hardening operating systems, cloud infrastructure, applications, and more. Our teams work with a global community to develop CIS Benchmarks™ configuration guidelines for more than 100 CIS Benchmarks across 25+ vendor product families.

Read on to learn how the CIS Benchmarks are developed and how the CIS cloud security team takes them one step further. By preconfiguring virtual machine images with the recommendations of the CIS Benchmarks, the CIS Hardened Images are created for secure operation in the cloud.

CIS Benchmarks: Developed by a global community

When it came to Debian Linux 8 and Debian Linux 9, the CIS Benchmarks communities were the keystone to developing secure Debian configuration guidelines. The CIS Benchmarks, upon which the CIS Hardened Images are developed, wouldn’t exist as they do today without a worldwide community of volunteers.

The CIS Benchmarks community members are technical and security subject matter experts (SMEs), technical writers, and testers that contribute to security configuration conversations via the CIS WorkBench website. Community members play an integral role in identifying, developing, and testing configuration best practices that make up the CIS Benchmarks. So, they were vital during the development of the Debian Linux 8 and Debian Linux 9 Benchmarks.

Arrow Learn more about CIS Communities

Deciphering the consensus for Debian Linux

The community had a spirited conversation about ciphers (a way to encrypt data) when it came time to harden Debian Linux. Strong ciphers are used to provide confidentiality, or integrity, and ensure system data is not compromised. CIS Benchmark community members brought their expertise and knowledge from various walks of life to this conversation. Once the community members provided their input, the team created a blacklist of ciphers deemed inadequate and/or weak. The result is a stronger encryption standard within the CIS Benchmarks for Debian Linux 8 and Debian Linux 9.  Thus, secure Debian configurations were born.

One of the volunteers leading the Debian discussions describes the importance of the CIS Communities to cybersecurity by saying, “The greatest strength in security is community.”

“Participation in the communities that create the CIS Benchmarks not only make for better Benchmarks, as we all bring our unique perspectives and knowledge to the group, but it also strengthens us as individuals. As old ideas are challenged, new ideas are introduced, and the merits of several perspectives come together to help define ‘What is security?’.”

Stay secure in the cloud

It’s undeniable that your organization needs to keep cybersecurity as a top priority, but the question remains: how do you accomplish that? That’s where CIS Benchmarks and CIS Hardened Images come into play. CIS Benchmarks provide configuration guidelines, and then CIS Hardened Images bring these internationally-recognized security configuration recommendations to the cloud.


CIS Hardened Images for Debian Linux are available on three of the major cloud service providers: Amazon Web Services (AWS) Marketplace, including AWS GovCloud (U.S.) region; Microsoft Azure Marketplace including Microsoft Azure Government; and Google Cloud Platform (GCP).

CIS Hardened Images are preconfigured based on their respective CIS Benchmarks. Some examples of secure configuration recommendations that have been applied include:

  • Ensure AIDE is installed to help detect compromised files
  • Configure package manager repositories to enable the system to receive the latest patches and updates
  • Use strong ciphers to ensure data confidentiality and integrity

CIS Hardened Images combine the know-how and expertise of a global community of cybersecurity professionals with preconfigured OS environments in the cloud. They’re just as simple to launch as a base image, AND provide superior security to help defend against cyber threats. The only question left is, what are you waiting for?