New Amazon Machine Images for Amazon Web Services, developed based on the center's secure configuration benchmarks, allow organizations to leverage the benefits of the cloud while also adhering to best practice security standards.
The Center for Internet Security (CIS) recently announced the launch of new Amazon Machine Images (AMIs) for Amazon Web Services. The newly available AMIs were developed based on the center's secure configuration benchmarks, and may help state and local governments to enable better cloud security cost effectively while improving the resiliency of their cloud-based activities.
CIS developed the AMIs, which are available in the cloud on Amazon Web Services, so organizations can leverage the benefits of the cloud while also adhering to best practice security standards.
“As more organizations use the cloud, the need for enhanced security becomes even more critical,” said Rick Comeau, strategic adviser at CIS. “Government is often very resource constrained, so they are looking more and more at the cloud. But they also have to ensure security and work with a vendor that meets FedRAMP [Federal Risk and Authorization Management Program] standards.”
The CIS AMIs are available on demand on a computer-hour basis and are the only virtual machines available in the cloud that are preconfigured based on CIS’ internationally recognized secure configuration recommendations.
“The AMIs provide a very cost-effective way to get a great extra layer of security,” said Comeau. “That means hundreds of configuration updates from what the default settings would be – a lot of which are very insecure – instantly available to state and local governments or anyone around the world.”
The CIS AMIs are available in the AWS Marketplace for use by any organization that uses Amazon Elastic Compute Cloud (EC2). They are available for six CIS benchmarks-hardened systems, including Microsoft Windows, Linux and Ubuntu.
The Center for Internet Security is an international nonprofit organization focused on enhancing the cybersecurity readiness and response of public- and private-sector entities.