How does CIS create and maintain Hardened Image?
Product Name
CIS Hardened Images® (Google Cloud Platform)
CIS Hardened Images® (AWS)
CIS Hardened Images® (Oracle)
CIS Hardened Images® (Azure)
Product Version
All
Date
Sep 13, 2023
Problem
We’re interested in purchasing a pre-secured Image in the Cloud Service Provider’s Marketplace, what are the CIS Hardened Images?
Solution
CIS Hardened Images are pre-configured images built by the Center for Internet Security (CIS) for use on AWS, Azure, Google Cloud Platform and Oracle Cloud Platform. All base images are provided directly to CIS by the C.S.P. The CIS Hardened Images are direct derivatives of the CIS Benchmarks and are built to offer an Image secured to industry-recognized security guidance.
Prior to an Image’s release no packages are installed on, or removed from, the CIS image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
To demonstrate conformance to the CIS Benchmark's industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT Pro). Please see https://cisecurity.atlassian.net/wiki/spaces/SCFKB/pages/2917236780for additional information regarding accessing these hardening reports.
Following the purchase of a CIS Hardened Image, the image is now owned by and the sole responsibility of the end user. CIS will no longer access the image in any way. Maintaining the image’s security and configuration is now the responsibility of the end user.
Keywords; HI hardening image
Content by Label