How are new versions and updates visually represented for each CIS Hardened Images®?

Each CIS Hardened Image is accompanied by its version number.

The version number is representative of updates made or new releases of a particular image. Below is an example of the CIS Hardened Image versioning.

Open

As an example, the CIS Hardened Image, CIS Amazon Linux 2 Benchmark v1.0.0.7, is hardened in accordance with the CIS Amazon Linux 2 Benchmark v1.0.0. If the version were CIS Amazon Linux 2 Benchmark v1.0.1.7, which would identify that it is hardened in accordance with the CIS Amazon Linux 2 Benchmark v1.0.1.

The .7 at the end of the Amazon Linux 2 CIS Hardened Image version identifies that 7 iterations of the CIS Amazon Linux 2 CIS Hardened Image have been built to stay current with the most recent vendor updates & base image in a given cloud service provider. To review OS package/kernel version updates, please visit the OS vendor website for more granular detail (https://aws.amazon.com/amazon-linux-2/release-notes/).

Any change in the first 3 numbers of a CIS Hardened Image would indicate a change in the CIS Benchmark content. If you do notice a change in the first 3 numbers of the Hardened Image in AWS, please visit https://workbench.cisecurity.org/files  and locate the benchmark that corresponds to the new version noted. You can download the PDF of the appropriate benchmark version and reference the change log at the end of the PDF document.

** Please be advised that the above description aligns directly with AWS, Google Cloud and Oracle Cloud. As a limitation of Azure’s publishing portal, only 3 version points are assigned to new releases. As such, the last point in a given version number in Azure accounts for the OS only updates. Also, note that CIS updates Linux images on a monthly basis. Sometimes the OS update and CIS update may not coincide.