What are the Differences Between a Cloud Base Image and CIS Hardened Images^®?

The Center for Internet Security, Inc. (CIS^®) builds the CIS Hardened Images from virtual (cloud) images on standard operating systems (OS), also known as "base images." A virtual base image is a generic OS template, exactly like a standard "out-of-box" operating system, such as Microsoft Windows Server 2025 or Red Hat Enterprise Linux 9.

CIS takes those base images and securely configures, aka “hardens” them, according to the associated CIS Benchmark. The CIS Hardened Images are direct derivatives of the CIS Benchmarks^® and are built to offer an image secured to industry-recognized security guidance. Prior to a CIS Hardened Images' release, no packages are installed on, or removed from, the CIS image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.

Every CIS Hardened Image comes with a CIS-CAT^® Pro assessment report to identify how closely the image conforms to the corresponding CIS Benchmark. Download the CIS Benchmark PDFs for free, non-commercial use only. All CIS Hardened Images additionally contain out-of-the-box configuration reports. These reports demonstrate what changes CIS has made to the base image and better enables tracking changes in the CIS hardening over time.