Benchmark Version Does Not Match CIS STIG Hardened Image Version
Product Name
CIS Hardened Images® (AWS)
Product Version
STIG Hardened Images
Date
Dec 28, 2021
Problem
The Benchmark version on the CIS Hardened Image Report does not match the version number of the Security Technical Implementation Guide (STIG) CIS Hardened Image (e.g., Hardened Image Report Benchmark v1.0.0.1/CIS Amazon Linux 2 STIG Benchmark v.2.0.0.2).
Solution
To account for the added STIG compliance, a manual check (Profile 3) is created for the STIG portion of CIS STIG Hardened Images.
For the explanation, read the Exceptions.txt file located in the /home/CIS_Hardened_Reports directory.
For example, an Exceptions.txt file for a STIG Hardened Image will state something similar to this:
“This image has been configured to pass consensus-based CIS Amazon Linux 2 Benchmark Level 1 and Level 2 profiles, which have been mapped to applicable Defense Information Systems Agency (DISA) Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG) recommendations. A Level 3 profile has been created that includes additional requirements from the STIG that were not covered in the Level 1 and Level 2 profiles, and applicable requirements have been implemented in this image with Exceptions noted below.”
Therefore, the version differences that you are seeing are intentional and do not affect the quality of the image in any way.
Keywords: hardened image STIG