Overview
CIS Red Hat Enterprise Linux 8 STIG Hardened Image is a pre-configured image built by the Center for Internet Security (CIS) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is built to offer an image secured to industry-recognized security guidance running on Amazon EC2.
This image of Red Hat Enterprise Linux 8 STIG is pre-hardened to CIS Benchmarks guidance and patched monthly. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
Guidance from the DoD Cloud Computing SRG indicates that CIS Benchmarks are an acceptable alternative in place of DISA STIGs - configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems. Launching an image that is hardened according to the CIS STIG Benchmark recommendations provides the ability to easily implement CIS guidance and DISA STIG at once.
To demonstrate conformance to the CIS Red Hat Enterprise Linux 8 STIG Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT Pro). Each CIS Hardened Image contains the following files:
-
Base_CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance before any change is made by CIS (e.g., software updates, CIS hardening)
-
basevm.txt - this provides a list of the packages resident on the instance prior to any change being made by CIS (e.g., software updates, CIS hardening)
-
CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance after the corresponding CIS Benchmark was applied to the image.
-
Exceptions.txt - this provides a list of recommendations that are not applied because the configuration of those recommendations may inhibit the use of this image in this CSP, require environment-specific expertise, or hinder the integration of this image with CSP services or extensions.
-
afterhardening.txt - this provides a list of packages resident on the instance after the corresponding CIS Benchmark was applied to the image.
These reports are located in /home/CIS_Hardened_Reports.
To speak with us about additional pricing options and private offers, please contact us at cloudsecurity@cisecurity.org .
To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/ .
Highlights
- Hardened according to a Level 1 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Using an AMI hardened by CIS reduces time, cost, and risk associated with your organization's AWS solution.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Details
Typical total price
$0.092/hour
Pricing
- ...
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.micro AWS Free Tier | $0.022 | $0.026 | $0.048 |
t2.small | $0.022 | $0.038 | $0.06 |
t2.medium | $0.022 | $0.075 | $0.097 |
t2.large | $0.022 | $0.122 | $0.144 |
t2.xlarge | $0.022 | $0.243 | $0.265 |
t2.2xlarge | $0.022 | $0.486 | $0.508 |
t3.micro AWS Free Tier | $0.022 | $0.039 | $0.061 |
t3.small | $0.022 | $0.05 | $0.072 |
t3.medium Recommended | $0.022 | $0.07 | $0.092 |
t3.large | $0.022 | $0.112 | $0.134 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
NA
Additional details
Usage instructions
Once the instance is running, connect using SSH. Use "ec2-user" as the username. Immediately apply latest security updates after launching the instance via the command "yum upgrade".
Resources
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Its good one
CIS benchmark is more secure than default
Great Image but audit rules
This is a great image which has different filesystems for /var/log/ /var/log/audit /home and /tmp. When we tried to deploy the Redhat image and apply stigs, we found the audit and messages filesystems were overloading the kernel and the IO from those precluded the image from running in a healthy stage. Using this CIS image with the CAT II STIGs, made it perfect.
However, CIS is sloppy in apply the audit rules on this image. Out of the box we found that there exists a audit.rules and CIS.rules file that contain duplicate entries that error on the OS and with security agents that use the rules. This is just sloppy and should be addressed by CIS