A single operating system can have over 200 configuration settings, which means that hardening an image manually can be a tedious process. Want to save time without risking cybersecurity? Use a Center for Internet Security (CIS) Hardened Image. CIS Hardened Images are preconfigured to meet the robust security recommendations of the CIS Benchmarks.
Oracle Cloud Marketplace currently offers customers the ability to use the CIS Hardened Images for Microsoft Windows, Ubuntu, CentOS, and Oracle Linux.
The Center for Internet Security builds its Hardened Images from the recommendations in the CIS Benchmarks. CIS Benchmarks are a set of configuration guidelines designed to reduce cybersecurity risks to IT systems. The CIS community, made up of public and private security professionals, develops the CIS Benchmarks through a consensus-based process.
The CIS Benchmarks provide prescriptive guidance for securely configuring Microsoft Windows, Ubuntu, CentOS, and Oracle Linux. The Benchmarks include over 350 configuration recommendations specific to the operating systems. CIS updates the CIS Benchmarks as threats evolve. The timing of updates can vary depending on the community and the major release schedule of the technology the CIS Benchmark supports. CIS Hardened Images are patched monthly to address vulnerabilities and to incorporate any changes from the CIS Benchmark.
Using CIS Hardened Images for virtual machines (VMs) is a great way to meet certain aspects of compliance frameworks, like PCI DSS or FedRAMP, that require organizations to establish and manage a secure configuration of IT assets deployed in the cloud. Oracle customers deploying in Oracle Cloud Infrastructure (OCI) can use the CIS Hardened Images to reduce their overall cybersecurity threats on OCI. For example, JD Edwards deployments on Microsoft Windows 2019 can benefit from the added security afforded by the CIS Hardened Image for Microsoft Windows Server 2019.
At only $0.02 per virtual server hour (January 2021), not including the cost of the VM itself, all these images are a cost-effective way to reduce security threats.
The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through their core competencies of collaboration and innovation.
They’re a community-driven nonprofit responsible for the CIS Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data. CIS leads a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Their Hardened Images provide secure, on-demand, scalable computing environments in the cloud.
Most CIS Benchmarks include multiple configuration profiles. A profile definition describes the configurations assigned to benchmark recommendations.
The Level 1 profile is considered a base recommendation that you can implement promptly and is designed to not have an extensive performance impact. The Level 1 profile benchmark intends to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.
The Level 2 profile provides defense in depth and is intended for environments where security is paramount. If implemented inappropriately or without due care, the recommendations associated with the Level 2 profile can have an adverse effect on your organization.
The following CIS Hardened Images are available on the Oracle Cloud Marketplace, as of January 2021:
CIS CentOS Linux 6 Benchmark-Level 1
CIS CentOS Linux 7 Benchmark-Level 1
CIS Microsoft Windows Server 2012R2 Benchmark-Level 1
CIS Microsoft Windows Server 2012R2 Benchmark-Level 2
CIS Microsoft Windows Server 2016 Benchmark-Level 1
CIS Microsoft Windows Server 2016 Benchmark-Level 2
CIS Microsoft Windows Server 2016 Benchmark-STIG
CIS Microsoft Windows Server 2019 Benchmark-Level 1
CIS Microsoft Windows Server 2019 Benchmark-Level 2
CIS Oracle Linux 6 Benchmark-Level 1
CIS Oracle Linux 7 Benchmark-Level 1
CIS Oracle Linux 8 Benchmark-Level 1
CIS Ubuntu Linux 16.04 LTS Benchmark-Level 1
CIS Ubuntu Linux 18.04 LTS Benchmark-Level 1
CIS Ubuntu Linux 20.04 LTS Benchmark-Level 1
The Oracle Cloud Marketplace listings are also available in US Gov and US DoD regions. CIS provides one of the first non-Oracle listings available in those regions.
All the listings are easily deployed into your tenancy. It takes the following simple steps:
From the hamburger menu in the top-left corner, select Marketplace, then Applications.
On the right side, select Center for Internet Security in the Publisher list.
Select your favorite CIS Marketplace listing. I chose CIS Ubuntu Linux 18.04 LTS Benchmark 1-Level 1.
Select the compartment you want to deploy into and the image, accept the terms of use and the partner terms and conditions, and click Launch Instance.
You can now launch the VM as you usually do, but with the security of a CIS Hardened Image.