Sold by: Center for Internet Security
Deployed on AWS
AWS Free Tier
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs
4.4
Overview
The CIS Hardened STIG Image on Red Hat Enterprise Linux 9 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a pre-configured, security-hardened image that aligns with the robust security recommendations, the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.
Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.
Key Benefits
Guidance from the DoD Cloud Computing SRG indicates that CIS Benchmarks are an acceptable alternative when DISA STIGs are not available. DISA STIGs are configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems. Launching an image that is hardened according to the CIS STIG Benchmark recommendations provides the ability to easily implement CIS guidance and DISA STIG at once. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
To demonstrate conformance to the CIS Red Hat Enterprise Linux 9 STIG Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
These reports are located in /home/CIS_Hardened_Reports.
For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org .
To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/ .
Highlights
- Hardened according to a STIG CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Rhel 9
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Dimension | Cost/hour |
|---|---|
t3.medium Recommended | $0.022 |
t3.micro | $0.022 |
t2.micro | $0.02 |
m5zn.6xlarge | $0.045 |
c6a.48xlarge | $0.06 |
m6i.2xlarge | $0.026 |
c5a.16xlarge | $0.06 |
x2iedn.2xlarge | $0.026 |
r6idn.16xlarge | $0.06 |
m6in.metal | $0.06 |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Monthly updates
Additional details
Usage instructions
No sensitive information supplied by customers will be stored outside this instance. No data encryption configuration is applicable to this instance. You can encrypt the instance EBS volume per standard EC2 processes. No programmatic system credentials and cryptographic keys are used by this instance. Launch the instance via the AWS Marketplace or EC2 console. Navigate to your Amazon EC2 console and verify that you're in the correct region. Choose instance and select your launched instance. Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed. Connect using SSH. Use ec2-user as the username. Immediately apply latest security updates to the instance.
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
Customer reviews
VINAY P.
Structured CIS Benchmarks That Strengthen RHEL Security Without Sacrificing Stability
Reviewed on Jun 06, 2026
Review provided by G2
What do you like best about the product?
What I like best about CIS Red Hat Enterprise Linux is the additional security hardening and compliance guidance it provides while maintaining the stability and reliability of the Red Hat Enterprise Linux platform. The CIS benchmarks offer a structured framework for improving system security and standardizing configurations across environments.
One feature that has provided significant value is the predefined security recommendations. Instead of manually researching and implementing security controls, the benchmark guidance helps establish consistent configurations more efficiently. This reduces the time required for system hardening and helps ensure that security best practices are applied consistently.
The auditing and compliance benefits are also valuable. Having documented security controls and configuration standards makes it easier to review system settings, prepare for internal audits, and maintain operational consistency. This has helped improve visibility into security posture and reduced the effort required to verify configuration compliance.
Another advantage is the platform's balance between security and operational stability. The guidance focuses on practical hardening measures while still allowing systems to support business applications and infrastructure services effectively. This helps maintain reliability without introducing unnecessary complexity.
One feature that has provided significant value is the predefined security recommendations. Instead of manually researching and implementing security controls, the benchmark guidance helps establish consistent configurations more efficiently. This reduces the time required for system hardening and helps ensure that security best practices are applied consistently.
The auditing and compliance benefits are also valuable. Having documented security controls and configuration standards makes it easier to review system settings, prepare for internal audits, and maintain operational consistency. This has helped improve visibility into security posture and reduced the effort required to verify configuration compliance.
Another advantage is the platform's balance between security and operational stability. The guidance focuses on practical hardening measures while still allowing systems to support business applications and infrastructure services effectively. This helps maintain reliability without introducing unnecessary complexity.
What do you dislike about the product?
One challenge is that implementing all recommended controls can require significant planning and testing, particularly in environments that support multiple applications and services. Some security settings may need careful evaluation to ensure they do not affect operational requirements.
What problems is the product solving and how is that benefiting you?
Before implementing CIS Red Hat Enterprise Linux guidelines, maintaining consistent security configurations across systems was often a challenge. Different servers could have varying settings, making it more difficult to enforce security standards, identify configuration gaps, and prepare for security reviews or compliance assessments.
CIS Red Hat Enterprise Linux solves these challenges by providing a structured and well-documented security baseline for system hardening. Instead of creating security policies from scratch, administrators can follow established benchmark recommendations to configure systems in a more consistent and secure manner.
One of the biggest benefits has been improved standardization. Security settings, access controls, logging configurations, and system policies can be implemented using a common framework, reducing configuration drift across environments. This helps improve operational consistency and simplifies ongoing administration.
The benchmark also helps strengthen system security by identifying areas where default configurations can be improved. Applying these recommendations helps reduce unnecessary exposure, improve system visibility, and support better security practices throughout the infrastructure.
Another advantage is improved audit readiness. Having a recognized security benchmark makes it easier to review configurations, validate security controls, and demonstrate that systems are aligned with established best practices. This reduces the effort required when preparing for internal reviews and compliance-related activities.
CIS Red Hat Enterprise Linux solves these challenges by providing a structured and well-documented security baseline for system hardening. Instead of creating security policies from scratch, administrators can follow established benchmark recommendations to configure systems in a more consistent and secure manner.
One of the biggest benefits has been improved standardization. Security settings, access controls, logging configurations, and system policies can be implemented using a common framework, reducing configuration drift across environments. This helps improve operational consistency and simplifies ongoing administration.
The benchmark also helps strengthen system security by identifying areas where default configurations can be improved. Applying these recommendations helps reduce unnecessary exposure, improve system visibility, and support better security practices throughout the infrastructure.
Another advantage is improved audit readiness. Having a recognized security benchmark makes it easier to review configurations, validate security controls, and demonstrate that systems are aligned with established best practices. This reduces the effort required when preparing for internal reviews and compliance-related activities.
Sandeep J.
Enhanced Security with Complex Setup
Reviewed on Nov 26, 2025
Review provided by G2
What do you like best about the product?
I appreciate the strong security features of CIS Red Hat Enterprise Linux, particularly how it revokes all access to non-root users. This significantly enhances the security by ensuring that unauthorized personnel cannot execute commands that could compromise the system. I also value the partition-level security it provides, such as setting 'noexec' and 'nosuid' options in the 'fstab' file for temporary partitions. This feature effectively prevents the automatic execution of programs, adding an additional layer of security to protect sensitive data. Moreover, the restrictions set for '/etc/fstab' are particularly beneficial for temporary partitions, which are often targeted by applications looking to execute programs. By disallowing execution on these partitions, it minimizes security risks and protects our telecom customers' environments more efficiently.
What do you dislike about the product?
I find handling the PAM authentication and audit services in CIS Red Hat Enterprise Linux to be quite confusing. While PAM is essential for Linux password restrictions, the complexity involved makes it cumbersome, and managing the necessary controls could be streamlined if handled separately. Additionally, the initial setup of the system is challenging due to numerous restrictions that must be kept in mind. This adds another layer of complexity, requiring careful application of changes or modifications, which reduces the overall user-friendliness.
What problems is the product solving and how is that benefiting you?
I use CIS Red Hat Enterprise Linux to enhance security, adding extra layers such as revoking access for non-root users and setting noexec nosuid on tmp partitions to prevent unauthorized execution.
Dennis v.
Rocksolid
Reviewed on Oct 02, 2025
Review provided by G2
What do you like best about the product?
Appstreams : run different stable versions of software : Like -> Simultaneous Nginx 1.27 and the default packaged nginx
What do you dislike about the product?
Licensing, you can't implement it with a dev license properly. You will need to migrate it to a subscription , can be quite costly
What problems is the product solving and how is that benefiting you?
Multiple
Ketan S.
Its good one
Reviewed on Dec 31, 2023
Review provided by G2
What do you like best about the product?
we can install our required packages smooth
What do you dislike about the product?
Its specific commands need to search or expertize need
What problems is the product solving and how is that benefiting you?
This Operating system provide platform
Zahid H.
CIS benchmark is more secure than default
Reviewed on Dec 01, 2023
Review provided by G2
What do you like best about the product?
when you pair RHEL minimal installation with CIS benchmark. You are now double edge sord.
What do you dislike about the product?
The CIS benchmark scripts for opensource OS should be free to use
What problems is the product solving and how is that benefiting you?
CIS almost locked all doors of entries. Sometimes an attacker filled the tmp file thru garbage data which halts the OS. in case of CIS benchmarked machine it helps you so that the application face challange due to unab le to generate data at tmp path