CIS developed the AMIs, which are available in the cloud on Amazon Web Services, so organizations can leverage the benefits of the cloud while also adhering to best practice security standards.
“As more organizations use the cloud, the need for enhanced security becomes even more critical,” said Rick Comeau, strategic adviser at CIS. “Government is often very resource constrained, so they are looking more and more at the cloud. But they also have to ensure security and work with a vendor that meets FedRAMP [Federal Risk and Authorization Management Program] standards.”
The CIS AMIs are available on demand on a computer-hour basis and are the only virtual machines available in the cloud that are preconfigured based on CIS’ internationally recognized secure configuration recommendations.
“The AMIs provide a very cost-effective way to get a great extra layer of security,” said Comeau. “That means hundreds of configuration updates from what the default settings would be – a lot of which are very insecure – instantly available to state and local governments or anyone around the world.”
The CIS AMIs are available in the AWS Marketplace for use by any organization that uses Amazon Elastic Compute Cloud (EC2). They are available for six CIS benchmarks-hardened systems, including Microsoft Windows, Linux and Ubuntu.
The Center for Internet Security is an international nonprofit organization focused on enhancing the cybersecurity readiness and response of public- and private-sector entities.