The CIS Hardened Image Level 1 on Rocky Linux 9 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a pre-configured, security-hardened image that aligns with the robust security recommendations, the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.

Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.

Key Benefits

Enhanced Security: Mitigates risks like malware, denial of service, and authorization issues by following globally-recognized secure configuration guidance to support your cloud security posture management (CSPM) program.

Compliance Readiness: Helps your organization comply with PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.

Faster Deployment: Pre-configured according to CIS Benchmarks, allowing you to deploy secure virtual machine images.

Consistency Across Environments: Ensures consistent security configurations across development, testing, and production environments, reducing drift and compatibility risks.

Cost Efficiency: Lowers remediation efforts, reduces attack surface, and minimizes business loss from security incidents.

Easier Maintenance: Regular updates ensure that your systems are always in line with the latest security standards and software patches.

This image is hardened against the corresponding Level 1 profile which is intended to be practical and prudent, provide a clear security benefit, and not inhibit the utility of the technology beyond acceptable means. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.

To demonstrate conformance to the CIS Rocky Linux 9 Level 1 Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:

BaseCIS-CATReport.html - this provides a report of CIS-CAT Pro run against the instance before any change is made by CIS (e.g., software updates, CIS hardening).

basevm.txt - this provides a list of the packages resident on the instance prior to any change being made by CIS (e.g., software updates, CIS hardening).

CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance after the corresponding CIS Benchmark was applied to the image.

Exceptions.txt - this provides a list of recommendations that are not applied because the configuration of those recommendations may inhibit the use of this image in this CSP, require environment-specific expertise, or hinder the integration of this image with CSP services or extensions.

afterhardening.txt - this provides a list of packages resident on the instance after the corresponding CIS Benchmark was applied to the image.

These reports are located in /home/CISHardenedReports.

For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org.

To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/.