New Hardened VMs from CIS: Graviton2 & Windows 2019 STIG
The Center for Internet Security (CIS) has released three new CIS Hardened Images. CIS built two of these new hardened virtual machines (VMs) on Amazon Web Services (AWS) Graviton2 processors: CIS Hardened Images for Ubuntu Linux 20.04 and Amazon Linux 2. The third hardened VM, for Microsoft Windows 2019 STIG, is available on the AWS, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Marketplaces.
Why Use CIS Hardened VMs?
CIS Hardened Images bring the globally recognized standards of the CIS Benchmarks to the cloud. CIS Benchmarks are consensus-based secure configuration guidelines. They are an acceptable standard to help meet compliance for HIPAA, PCI DSS, NIST, DoD Cloud Computing SRG, and FedRAMP. Because CIS builds these hardened VMs to CIS Benchmark standards, they can also help meet compliance with these frameworks.
In addition, these hardened VMs offer:
- Upfront cost savings – Operating in the cloud eliminates the need to invest in hardware as your business’s needs change.
- No maintenance burden – CIS patches these hardened VMs regularly for software updates, vulnerabilities, and new CIS Benchmark releases.
- Independent secure configurations – CIS Benchmarks are the only consensus-based secure configuration guidelines both developed and accepted by business, industry, government, and academia.
Every CIS Hardened Image includes a CIS-CAT Pro Assessment report. CIS-CAT evaluates the application of recommended policy settings on a system according to the CIS Benchmark. In each hardened VM, the assessment report demonstrates the CIS Benchmark recommendations applied to the CIS Hardened Image. The report is accompanied by a README text file, which lists any exceptions necessary for that CIS Hardened Image to run in the cloud.
CIS Hardened Images on AWS Graviton2 Processors
AWS custom-builds AWS Graviton processors using 64-bit Arm Neoverse cores. AWS Graviton2 processors deliver 40% better price performance compared to current-generation x86-based instances. In addition to the hardening from CIS, these new hardened VMs on AWS Graviton2 processors feature key capabilities that enable developers to run cloud native applications securely. Examples include always-on 256-bit DRAM encryption and 50% faster per-core encryption performance compared to first-generation AWS Graviton.
Help Meet STIG Compliance with CIS Hardened Images
We are in a multi-framework era. Many organizations must comply with multiple cybersecurity policies and regulatory and legal frameworks. Meeting compliance for these frameworks is easier said than done.
CIS STIG Hardened Images are a new option for configuring systems according to CIS and DISA STIGs in the cloud. Built to the recommendations of the CIS STIG Benchmarks, these Images contain the existing consensus-based CIS Benchmark Level 1 and Level 2 profiles mapped to applicable STIG recommendations. They also include a new STIG profile that details additional requirements from the STIG not covered in the Level 1 and Level 2 profiles to represent all recommendations needed to meet the STIG.
Using CIS Hardened Images built to CIS Benchmark recommendations can help IT professionals not only secure their enterprise cloud environments, but also provide evidence of compliance toward common frameworks.