Secure Cloud Environments for U.S. Government Agencies in AWS GovCloud
CIS Hardened Images are securely configured virtual machines which are now available to spin up in the AWS GovCloud (US) region. AWS customers can quickly launch pre-configured CIS Hardened Images ready to run on AWS and only pay for what they use, either by the hour or the year. They have been available in AWS Marketplace since 2015. Availability of CIS’ pre-hardened virtual images in the AWS GovCloud (US) region helps us further our vision of leading the global community to secure the connected world. AWS Marketplace is an online store that helps customers find, buy and immediately start using software, including CIS Hardened Images.
Having access to the CIS AMIs in AWS GovCloud is a major win for us - not only do they save us time in what would normally be a manually intensive process of applying individual CIS Benchmarks, we are able to maintain our security configuration baselines and a DFARS compliant environment at the same time. From an operational and audit standpoint, we will be able to speed up delivery of services and provide predictable outcomes.
- Robert Daugherty, Chief Information Security Officer, Cobham Advanced Electronic Solutions
What are CIS Hardened Images?
As more resources shift from on-premises to cloud-based environments, virtual images (sometimes called virtual machines images, or on AWS, Amazon Machine Images (AMIs)) become more popular. They are a cost-effective option for projects with limited resources to purchase, store, and maintain hardware. A virtual image is a template of an operating system (OS) or application environment installed on software that imitates dedicated hardware. These virtual images are available to “spin up” as many instances as you need in the various cloud computing platforms like AWS.
CIS Hardened Images are securely configured based on the CIS Benchmarks, a set of recommendations developed through a consensus-based process by a community of cybersecurity experts around the world. The CIS Benchmarks are an internationally recognized secure configuration standard used by over 1,600 businesses to improve their cybersecurity defenses.
The CIS Benchmarks are available in several formats:
- As free PDF downloads
- As part of a CIS SecureSuite Membership, which provides remediation content to configure systems
- As virtual machines that have been preconfigured: CIS Hardened Images
What is AWS GovCloud (US) Region?
AWS GovCloud (US) is an AWS region designed to allow U.S. government agencies at the federal, state and local level, along with contractors, educational institutions and other U.S. customers to run sensitive workloads in the cloud. This region offers security, privacy and isolated resources, compliance, and hybrid architectures that extend on-premises infrastructure to the cloud.
Beyond the assurance programs applicable to all AWS regions, the AWS GovCloud (US) region allows customers to adhere to U.S. International Traffic in Arms Regulations (ITAR) regulations, the Federal Risk and Authorization Management Program (FedRAMP) requirements, and Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) Levels 2 and 4.
How Can I Access CIS Hardened Images in the AWS GovCloud (US) Region?
Access to AWS GovCloud (US) requires a separate account ID and user access credentials in addition to those required for an associated standard AWS Marketplace account. Qualified customers who are not already using AWS GovCloud (US) can request access from the AWS Management Console of a standard AWS account or by contacting an AWS business representative.
After access is set up the owner can then select AWS GovCloud (US) in the region drop-down of a CIS Hardened Image on the AWS Marketplace.
CIS Hardened Images available on AWS GovCloud (US) can be used to power a wide variety of IT applications and workloads, including enterprise applications. CIS Hardened Images are available for Red Hat Enterprise Linux, Microsoft Windows Server, Amazon Linux, and more.