AWS and CIS – hardening AMIs and deployments to meet security requirements.
CIS provides resources to help organizations meet their responsibilities under the shared responsibility model for cloud security on AWS. Best practice configuration guides include the CIS AWS Foundations Benchmark, the CIS Amazon Linux 2 Benchmark, and service-based guidance such as the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark. These configuration guides contain prescriptive guidance for securing the configuration of a subset of AWS services and account-level settings, with an emphasis on foundational, testable, and architecture-agnostic settings.
To develop these and other CIS Benchmarks, the participation of subject matter experts and technology vendors is essential. One of those contributing technology vendors is AWS. The insight they provide for the CIS Amazon Web Services Foundations Benchmark is invaluable to its success. As with any CIS Benchmark, the community for that technology comes to consensus on what to include.
New versions of the CIS Benchmarks for AWS are now available, and the updates include:
- Changed multiple recommendations on password complexity and expiration, as well as access key rotation, to align with current NIST (and CIS) guidance.
- Reordered the Identity and Access Management (IAM) section to align with the AWS Console interface, making it easier for users to audit and implement the recommendations.
- Added recommendations to ensure that data-in-transit and data-at-rest encryption are used to protect private and sensitive information.
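As an added illustration of the credential rotation checks these recommendations cover (example code written for this page, not CIS or AWS tooling): it audits a constructed IAM credential report, using the column names of the AWS credential report, and flags active passwords and access keys older than a rotation threshold. The day thresholds and the sample rows are assumptions; the benchmark's current values apply in practice.

```python
# Added example (not CIS or AWS code): flag stale passwords and access keys
# in an IAM credential report. Column names follow the AWS credential report;
# the rows and thresholds below are constructed for this example.
import csv
import io
from datetime import datetime, timezone

# Rotation thresholds (days) are assumptions; use the benchmark's values.
ACCESS_KEY_MAX_AGE_DAYS = 90
PASSWORD_MAX_AGE_DAYS = 90

# Constructed sample report (a subset of the real report's columns).
SAMPLE_REPORT = """user,arn,password_enabled,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,not_supported,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,2024-01-10T09:00:00+00:00,true,2023-11-01T12:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,false,N/A,true,2024-02-20T08:30:00+00:00,true,2023-06-05T10:15:00+00:00
"""
# Fixed reference time so the sample audit is reproducible (constructed).
SAMPLE_AS_OF = datetime(2024, 3, 1, tzinfo=timezone.utc)


def _age_days(stamp, now):
    """Age in days of an ISO-8601 timestamp, or None when the report holds a
    non-date marker (N/A, not_supported, no_information)."""
    if not stamp or not stamp[0].isdigit():
        return None
    return (now - datetime.fromisoformat(stamp)).days


def stale_credentials(report_csv, now):
    """Return [(user, credential, age_days)] for active credentials whose
    last rotation is older than the thresholds above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["password_enabled"] == "true":
            age = _age_days(row["password_last_changed"], now)
            if age is not None and age > PASSWORD_MAX_AGE_DAYS:
                findings.append((user, "password", age))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive or absent keys are not a rotation finding
            age = _age_days(row[f"access_key_{n}_last_rotated"], now)
            if age is not None and age > ACCESS_KEY_MAX_AGE_DAYS:
                findings.append((user, f"access_key_{n}", age))
    return findings


if __name__ == "__main__":
    for finding in stale_credentials(SAMPLE_REPORT, SAMPLE_AS_OF):
        print("%s: %s not rotated for %d days" % finding)
```

With a live account, the same function runs over the CSV returned by the IAM credential report; the root row and inactive keys are skipped as shown.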
While the foundations and service-based CIS Benchmarks help configure the cloud environment securely, CIS Hardened Images provide securely configured operating systems. CIS Hardened Images are built on base operating systems (OS) into which CIS pre-configures the security recommendations of the corresponding CIS Benchmark. Popular examples include Microsoft Windows Server and Red Hat Enterprise Linux. A variety of industries use CIS Hardened Images because of the ease of secure configuration and the relatively low cost of achieving that security.
CIS Hardened Images have been available on AWS Marketplace since 2015. CIS Hardened Images are available in all AWS Regions including the AWS GovCloud (US) Region.
CIS works with AWS Marketplace as well as the AWS Worldwide Public Sector. In 2019, CIS became an Authority to Operate (ATO) on AWS launch partner. ATO on AWS consists of various resources that help expedite the authorization process for common compliance frameworks. APN partners in this program have access to technical Security Automation and Orchestration (SAO) capabilities as well as direct engagement with highly qualified AWS compliance specialists. This accreditation validates the support that CIS provides to organizations to help them meet common compliance