By ET Bureau - August 19, 2019
CIS Hardened Images, Amazon Machine Images (AMIs) configured to CIS Benchmarks, help accelerate compliance
CIS® (Center for Internet Security, Inc.) is an official launch partner in Authority to Operate (ATO) on Amazon Web Services (AWS), a new Amazon Partner Network (APN) program. AWS formally rolled out the program in June 2019 at the AWS Public Sector Summit in Washington, D.C.
ATO on AWS Simplifies Path to Compliance: The ATO on AWS program addresses the broad needs and unique compliance requirements encountered in regulated markets. The Federal Risk and Authorization Management Program (FedRAMP) and the Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) are examples of security frameworks that traditionally require complex paths to compliance.
ATO on AWS is a partner-driven process helping organizations converge common security frameworks to be secure and address compliance requirements at the same time. CIS and other partners worked with AWS to develop the AWS Security Automation and Orchestration (SAO) methodology, which enables AWS customers to constrain, track, and publish continuous risk treatments (CRT). CRT is a process and technology approach using AWS services and partner solutions to detect, maintain, and in most cases correct security, compliance, and threats.
“Our partnership within the ATO on AWS will have multiple benefits for our customers, including improving cloud security and reducing time to develop a compliant environment,” said Curtis Dukes, EVP CIS Security Best Practices & Automation Group.
CIS Hardened Images and CIS Benchmarks: Using CIS Hardened Images® is an important part of ATO on AWS. CIS Hardened Images are Amazon Machine Images (AMIs) that are pre-configured to meet the security recommendations of the CIS Benchmarks, consensus-based configuration standards for technologies.
“CIS Hardened Images take the guesswork out of secure configuration,” said Troy Bertram, General Manager, Worldwide Public Sector Business Development, Amazon Web Services. “CIS Benchmarks are recognized by security frameworks like FedRAMP, the DoD SRG, and PCI-DSS; using CIS Hardened Images speeds time to compliance.”
CIS Hardened Images, as configured to the CIS Benchmarks™, can be utilized for cloud devices/systems as defined in the DoD SRG, Version 1, Release 3, which states:
“Impact Level 2: While the use of STIGs and SRGs by CSPs is preferable, industry standard baselines such as those provided by the Center for Internet Security (CIS) benchmarks are an acceptable alternative to the STIGs and SRGs.”