When operating in the public cloud, the security of your systems and data is ultimately your responsibility. CIS Hardened Images offer built-in secure configuration and compliance with guidance you can trust. They are configured to follow the recommendations of the globally-recognized CIS Benchmarks®, which are the only consensus-based, vendor-agnostic, best-practice security configuration guides both developed and accepted through consensus by government, business, industry, and academia.
Virtual Image vs. Hardened Virtual Image
Virtual machine images offer the same functionality as a physical computer, but off a snapshot of a running instance in a virtual environment. They reside in the cloud and enable you to cost-effectively perform routine computing operations without investing in local hardware and software.
Hardened virtual images offer extra security in the cloud by limiting potential weaknesses that make systems vulnerable to cyber attacks. They help protect against denial of service, unauthorized data access, and other cyber threats.
Enhanced Security and Achieving Compliance
CIS Benchmarks recommendations are designed to support your enterprise’s overall security against cyber attacks, and they map to the CIS Critical Security Controls® (CIS Controls®).
CIS Benchmarks are recognized as a secure configuration standard by:
- DoD Cloud Computing Security Recommendation Guide (SRG)
- Payment Card Industry Data Security Standard (PCI DSS)
- Federal Information Security Management Act (FISMA)
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Risk and Authorization Management Program (FedRAMP)
- National Institute of Standards and Technology (NIST)
- National Checklist Program Repository
This recognition also applies to CIS Hardened Images, as their configuration is based on the CIS Benchmarks. A 2023 Gartner report found that “[u]sing hardened images significantly improves cloudsecurity by ensuring that virtual machine images adhere to the highest security standards from the start.” According to Gartner, this “helps in minimizing vulnerabilities and ensures compliance with industry benchmarks, making cloud deployments more secure and reliable."
For organizations and industries that want to achieve compliance with Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) standards, CIS offers several CIS Benchmarks mapped to STIG standards. CIS STIG Benchmarks note any DISA STIG recommendations not included in the CIS STIG Benchmarks. From these guidelines, CIS also offers CIS STIG Hardened Images.
Learn More about CIS STIG Hardened Images
Support Clients with an Elevated Level of Cloud Security
In our CIS Hardened Images Reseller Program, we work with managed service providers (MSPs), managed security service providers (MSSPs), and IT consultants to sell CIS Hardened Images to their clients as part of what they already offer. This enables service providers to deliver built-in, cloud-based security configurations as additional value to their clients.
Start Using CIS Hardened Images
CIS Hardened Images bring the globally recognized secure configuration recommendations of the CIS Benchmarks to the cloud. Securely pre-configured virtual machine images are available to deploy immediately from the major cloud provider marketplaces.
