Enable CIS Hardened Images
CIS hardened images are images that come pre-hardened in accordance with the CIS benchmarks. They have increased security settings and increased cost.
CIS hardened images help you achieve compliance with the following standards:
DoD Cloud Computing Security Recommendation Guide (SRG)
Payment Card Industry Data Security Standard (PCI DSS)
Federal Information Security Management Act (FISMA)
Federal Risk and Authorization Management Program (FedRAMP)
National Institute of Standards and Technology (NIST)
See the CIS website for additional information.
Nerdio Manager allows you to enable the use of CIS hardened images when creating global images, host pools, or hosts. The CIS hardened images are not available until you enable their use, as shown below.
Once enabled, CIS hardened images are available, for example, when creating a global image:
Note:
Nerdio Manager provides CIS Level 1 configuration profile benchmark. It is suitable for most environments and ensures baseline protection against common threats without heavily impacting the user experience or operational functionality.
CIS hardened images do not support Unified Application Management.
-
The following resources help you verify that your image has been hardened:
Base CIT CAT Report: This report outlines the status of unhardened images as provided by Microsoft.
CIS CAT Report: This report outlines the status of hardened images provided by CIS.
Exceptions: This report notes any items in the CIS hardened images that fall outside of CIS's recommended controls.
You can access the most recent versions of these resources on the C:\ drive of your hardened image.
For the CIS Benchmarks, see CIS Benchmarks List.
To enable CIS hardened images:
At the MSP level, navigate to Settings > Integrations.
-
In the Center for Internet Security tile, select Disabled.
-
Select I Agree and then select Enable.
Note: By selecting I Agree, you are agreeing to the CIS Hardened Images End User License Agreement.
Comments (0 comments)