Listing Thumbnail

    CIS Hardened Image STIG on Red Hat Enterprise Linux 8

     Info
    Sold by: Center for Internet Security 
    AWS Free Tier
    This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
    4
    1 AWS reviews
    |
    21 external reviews
    View purchase options
    Listing Thumbnail

    CIS Hardened Image STIG on Red Hat Enterprise Linux 8

     Info
    Sold by: Center for Internet Security 
    View purchase options

    Overview

    The CIS Hardened STIG Image on Red Hat Enterprise Linux 8 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a pre-configured, security-hardened image that aligns with the robust security recommendations, the CIS Benchmarks, making it easier for organizations to meet regulatory requirements. Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor. Key Benefits

  • Enhanced Security: Mitigates risks like malware, denial of service, and authorization issues by following globally-recognized secure configuration guidance to support your cloud security posture management (CSPM) program.
  • Compliance Readiness: Helps your organization comply with PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
  • Faster Deployment: Pre-configured according to CIS Benchmarks, allowing you to deploy secure virtual machine images.
  • Consistency Across Environments: Ensures consistent security configurations across development, testing, and production environments, reducing drift and compatibility risks.
  • Cost Efficiency: Lowers remediation efforts, reduces attack surface, and minimizes business loss from security incidents.
  • Easier Maintenance: Regular updates ensure that your systems are always in line with the latest security standards and software patches. Guidance from the DoD Cloud Computing SRG indicates that CIS Benchmarks are an acceptable alternative when DISA STIGs are not available. DISA STIGs are configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems. Launching an image that is hardened according to the CIS STIG Benchmark recommendations provides the ability to easily implement CIS guidance and DISA STIG at once. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations. To demonstrate conformance to the CIS Red Hat Enterprise Linux 8 STIG Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
  • Base_CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance before any change is made by CIS (e.g., software updates, CIS hardening).
  • basevm.txt - this provides a list of the packages resident on the instance prior to any change being made by CIS (e.g., software updates, CIS hardening).
  • CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance after the corresponding CIS Benchmark was applied to the image.
  • Exceptions.txt - this provides a list of recommendations that are not applied because the configuration of those recommendations may inhibit the use of this image in this CSP, require environment-specific expertise, or hinder the integration of this image with CSP services or extensions.
  • afterhardening.txt - this provides a list of packages resident on the instance after the corresponding CIS Benchmark was applied to the image. These reports are located in /home/CIS_Hardened_Reports. For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org. To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/.

    • Highlights

    • Hardened according to a Level 2 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
    • Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
    • Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.

    Details

    Sold by
    Center for Internet Security 
    Categories
    Operating Systems 
    Security 
    Collaboration & Productivity 
    Delivery method
    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)
    Latest version
    Operating system
    Rhel 8

    Typical total price

    This estimate is based on use of the seller's recommended configuration (t3.medium) in the US East (N. Virginia) Region. View pricing details

    $0.092/hour

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases
    View financing details

    Pricing

    CIS Hardened Image STIG on Red Hat Enterprise Linux 8

     Info
    View purchase options
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covering your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (439)

     Info
    • ...
    Instance type
    Product cost/hour
    EC2 cost/hour
    Total/hour
    t2.micro
    AWS Free Tier
    $0.022
    $0.026
    $0.048
    t2.small
    $0.022
    $0.038
    $0.06
    t2.medium
    $0.022
    $0.075
    $0.097
    t2.large
    $0.022
    $0.122
    $0.144
    t2.xlarge
    $0.022
    $0.243
    $0.265
    t2.2xlarge
    $0.022
    $0.486
    $0.508
    t3.micro
    AWS Free Tier
    $0.022
    $0.039
    $0.061
    t3.small
    $0.022
    $0.05
    $0.072
    t3.medium
    Recommended
    $0.022
    $0.07
    $0.092
    t3.large
    $0.022
    $0.112
    $0.134

    Additional AWS infrastructure costs

    Type
    Cost
    EBS General Purpose SSD (gp2) volumes
    $0.10/per GB/month of provisioned storage

    Vendor refund policy

    Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    NA

    Additional details

    Usage instructions

    Once the instance is running, connect using SSH. Use "ec2-user" as the username. Immediately apply latest security updates after launching the instance via the command "yum upgrade".

    Support

    Vendor support

    Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting

    Get support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Get support

    Similar products

    CIS Hardened Image STIG on Amazon Linux 2
    By Center for Internet Security
    This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
    View product
    CIS Hardened Image STIG on Microsoft Windows Server 2019
    By Center for Internet Security
    This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
    View product
    Oracle Linux Server 8.6 with Oracle Unbreakable Kernel
    By Technology Leadership Corporation
    Oracle Linux Server 8.6 SELinux enforcing Minimal HVM. Added ec2-user policy context for highest security. This AMI uses IMDSV2 'optional' only.
    View product
    Red Hat Enterprise Linux (RHEL) 9.2 with support by Tiov IT
    By TIOV IT
    This is a repackaged open source software product wherein additional charges apply for technical support provided by Tiov IT. For any support related issues please email us at support@tiovit.com This RedHat Enterprise Linux 9.2 is available preconfigured by Tiov IT to have the latest patches and security settings at image launch. Updates are performed on a regular basis
    View product

    Customer reviews

    Write a review

    Ratings and reviews

     Info
    4
    1 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    100%
    0%
    0%
    0%
    1 AWS reviews
    |
    21 external reviews
    External reviews are sourced from G2  and are not included in the star rating for this product.
    Ketan S.

    Its good one

    Reviewed on Dec 31, 2023
    Review provided by G2
    What do you like best about the product?
    we can install our required packages smooth
    What do you dislike about the product?
    Its specific commands need to search or expertize need
    What problems is the product solving and how is that benefiting you?
    This Operating system provide platform
    Leave a comment1 comments
    Zahid H.

    CIS benchmark is more secure than default

    Reviewed on Dec 01, 2023
    Review provided by G2
    What do you like best about the product?
    when you pair RHEL minimal installation with CIS benchmark. You are now double edge sord.
    What do you dislike about the product?
    The CIS benchmark scripts for opensource OS should be free to use
    What problems is the product solving and how is that benefiting you?
    CIS almost locked all doors of entries. Sometimes an attacker filled the tmp file thru garbage data which halts the OS. in case of CIS benchmarked machine it helps you so that the application face challange due to unab le to generate data at tmp path
    Leave a comment1 comments
    Great Image - Fix the Audit rules

    Great Image but audit rules

    Reviewed on May 26, 2023
    Purchase verified by AWS

    This is a great image which has different filesystems for /var/log/ /var/log/audit /home and /tmp. When we tried to deploy the Redhat image and apply stigs, we found the audit and messages filesystems were overloading the kernel and the IO from those precluded the image from running in a healthy stage. Using this CIS image with the CAT II STIGs, made it perfect.

    However, CIS is sloppy in apply the audit rules on this image. Out of the box we found that there exists a audit.rules and CIS.rules file that contain duplicate entries that error on the OS and with security agents that use the rules. This is just sloppy and should be addressed by CIS

    Leave a comment0 comments
    Sandeep B.

    Highly recommended , very easy to use

    Reviewed on Apr 25, 2023
    Review provided by G2
    What do you like best about the product?
    CIS red hat comes pre-installed with most software that you need.
    What do you dislike about the product?
    Same old GUI but I prefer command line. GUI could be upgraded to modern standards
    What problems is the product solving and how is that benefiting you?
    Databases backend, software application development environment
    Leave a comment1 comments
    Insurance

    Great stability

    Reviewed on Nov 02, 2022
    Review provided by G2
    What do you like best about the product?
    Grat stability and good support,updates usually go well and do not require any tinkering to keep it working as expected
    What do you dislike about the product?
    The licensing can be a bit pricey whenever you use a los of instances,
    What problems is the product solving and how is that benefiting you?
    Having a stable Linux distro with enterprise support
    Leave a comment1 comments
    View all reviews