Overview
Video 1
Video 1
Video 2
Video 3
The CIS Hardened Image Level 2 on Microsoft Windows Server 2016 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a pre-configured, security-hardened image that aligns with the robust security recommendations, the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.
Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.
Key Benefits
This image is hardened against the corresponding Level 2 profile which is intended for environments or use cases where security is paramount, acts as a defense in depth measure, and may negatively inhibit the utility or performance of the technology. No components are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
To demonstrate conformance to the CIS Microsoft Windows Server 2016 Level 2 Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
These reports are located in C:\CIS Hardening Reports.
If this instance is used in a domain environment where policies are managed globally, the majority of the security settings will be changed and managed by domain policies.
For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org .
To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/ .
Highlights
- Hardened according to a Level 2 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Details
Typical total price
$0.143/hour
Features and programs
Financing for AWS Marketplace purchases
Pricing
- ...
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.nano | $0.022 | $0.008 | $0.03 |
t2.micro AWS Free Tier | $0.022 | $0.016 | $0.038 |
t2.small | $0.022 | $0.032 | $0.054 |
t2.medium | $0.022 | $0.064 | $0.086 |
t2.large Recommended | $0.022 | $0.121 | $0.143 |
t2.xlarge | $0.022 | $0.227 | $0.249 |
t2.2xlarge | $0.022 | $0.433 | $0.455 |
t3.nano | $0.022 | $0.01 | $0.032 |
t3.micro AWS Free Tier | $0.022 | $0.02 | $0.042 |
t3.small | $0.022 | $0.039 | $0.061 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
NA
Additional details
Usage instructions
Once the instance is running, choose Get Windows Password in the EC2 console then connect using a Remote Desktop Connection (RDP) client. The RDP client MUST be able to authenticate using NTLMv2. See https://technet.microsoft.com/en-us/library/cc738867%28v=ws.10%29.aspx for more information. Immediately apply latest security updates after launching the instance.
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Not the "homerun" I was hoping for.
Organization is wanting to use Inspector to validate that launched EC2s are adequately hardened. Further, they wanted to evaluate against Inspector's CIS benchmarks. Figured, "if I start from an official AMI, it ought to be a homerun to get a clean output from Inspector". Launch an EC2 from the AMI. Discover that the AMI is missing the AWS agent. Correct this gap. Run Inspector. Wait for report. Report comes back with nearly 40 "High" findings (nearly 30 if you ignore the DC-only and NG-only findings).
Notice, "oh, this AMI is built using the 1.3.0.2 benchmarks and Inspector is using the 1.1.0 benchmarks. Go back to AWSMP and click on the "view older versions" link under the AMI. Am simply taken back to the AMI's normal information page with no indication of availability of back-rev AMIs that I might need.
Report back issues to my organization. They note, "but those findings are all HIGH findings".
Not the "homerun" I was hoping for.