Patching CIS Hardened Images^®

Prior to Release

The monthly CIS Hardened Images releases contain all security and software updates and patches provided to CIS directly by the Cloud Service Provider (CSP). New versions of CIS Hardened Images are developed and made available monthly on each platform to account for updates to the corresponding CIS Benchmark or base OS.

Prior to a CIS Hardened Image’s release, no packages are installed on, or removed from, the CIS image outside of those already present on the base image or as recommended in alignment to the corresponding CIS Benchmark recommendations. To demonstrate continued conformance to the CIS Benchmark's hardening guidance, each image includes an HTML report from the Pro version of CIS Configuration Assessment Tool (CIS-CAT^® Pro).

Please see How to access the out-of-the-box configuration report for CIS Hardened Images for additional information regarding these hardening reports.

Updates

Following the purchase of a CIS Hardened Image, the image is now owned by and the sole responsibility of the end user. CIS will no longer access the image in any way. Maintaining the image’s security and configuration is now the responsibility of the end user.

In addition to the monthly OS updates, some monthly images also contain major, minor, or point revisions to the Benchmark itself. Each new CIS Hardened Image will be released with a new versioning number to indicate the update has been completed.

For information regarding updating and patching your CIS Hardened Image or migrating to the newest version of any given CIS Hardened Images, please see our Knowledge Base article on CIS Hardened Image general update and upgrade questions.