How does CIS create and maintain Hardened Image?
Product Name
CIS Hardened ImagesĀ® (Google Cloud Platform)
CIS Hardened ImagesĀ® (AWS)
CIS Hardened ImagesĀ® (Oracle)
CIS Hardened ImagesĀ® (Azure)
Product Version
All
Date
Sep 13, 2023
Ā
Problem
Weāre interested in purchasing a pre-secured Image in the Cloud Service Providerās Marketplace, what are the CIS Hardened Images?
Ā
Solution
CIS Hardened Images are pre-configured images built by the Center for Internet Security (CIS) for use on AWS, Azure, Google Cloud Platform and Oracle Cloud Platform. All base images are provided directly to CIS by the C.S.P. The CIS Hardened Images are direct derivatives of the CIS Benchmarks and are built to offer an Image secured to industry-recognized security guidance.
Prior to an Imageās release no packages are installed on, or removed from, the CIS image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
Ā
To demonstrate conformance to the CIS Benchmark's industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT Pro). Please see https://cisecurity.atlassian.net/wiki/spaces/SCFKB/pages/2917236780for additional information regarding accessing these hardening reports.
Following the purchase of a CIS Hardened Image, the image is now owned by and the sole responsibility of the end user. CIS will no longer access the image in any way. Maintaining the imageās security and configuration is now the responsibility of the end user.
Ā
Keywords; HI hardening image
Content by Label
Ā