AWS and CIS - hardening AMIs and deployments to meet security requirements.

 


CIS provides resources to help organizations meet their responsibilities under the shared responsibility model for cloud security on AWS. Best practice configuration guides include the CIS AWS Foundations Benchmark, CIS Amazon Linux 2 Benchmark, and service-based guidance like the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark. These configuration guides contain prescriptive guidance on secure configurations for a subset of AWS services and account-level settings. There is an emphasis on foundational, testable, and architecture-agnostic settings.

 

To develop these and other CIS Benchmarks, the participation of subject matter experts and technology vendors is essential. One of those contributing technology vendors is AWS. The insight they provide for the CIS Amazon Web Services Foundations Benchmark is invaluable to its success. As with any CIS Benchmark, the community for that technology comes to consensus on what to include.

New versions of CIS Benchmarks for AWS are now available, and the updated information includes:

Download CIS AWS Foundations Benchmark

 

While the foundations and service-based CIS Benchmarks help configure the cloud environment securely, CIS Hardened Images provide secure operating systems. CIS Hardened Images are built on base operating systems (OS). CIS pre-configures the security recommendations of the CIS Benchmarks into the OS. Popular examples include Microsoft Windows Server and Red Hat Enterprise Linux. A variety of industries use CIS Hardened Images due to the ease of secure configuration and the relatively low cost of achieving that security.

CIS Hardened Images have been available on AWS Marketplace since 2015. CIS Hardened Images are available in all AWS Regions including the AWS GovCloud (US) Region.

 

CIS works with AWS Marketplace as well as the AWS Worldwide Public Sector. In 2019, CIS became an Authority to Operate (ATO) on AWS launch partner. ATO on AWS consists of varying resources that help expedite the authorization process for common compliance frameworks. APN partners in this program have access to both technical Security Automation and Orchestration (SAO) capabilities as well as direct engagement with highly qualified AWS compliance specialists. This accreditation validates the support that CIS provides to organizations to help them meet common compliance