Glossary

Base Image The virtual machine image, provided by the Cloud Service Provider (CSP), on which The Center for Internet Security, Inc. (CIS®) builds CIS Hardened Images®.

CSP Cloud Service Provider

CVE Common Vulnerabilities and Exposures

DoD United States Department of Defense

VPC Virtual Private Cloud is a service that lets you launch AWS resources in a logically isolated virtual network.

  • GCP Google Cloud Platform

  • OCI Oracle Cloud Infrastructure

  • AWS Amazon Web Services

  • Azure Marketplace Microsoft Azure's Cloud Platform

CIS-CAT Pro® A tool for evaluating your system's configuration settings against the recommendations in the CIS Benchmarks®.

CIS Benchmarks The CIS Benchmarks are a powerful set of best practices to help your organization ensure its IT systems, software, networks, and cloud infrastructure are securely configured. They represent the consensus-based effort of cybersecurity experts globally to help you protect your systems against threats more confidently.


CIS Benchmark Recommendations Every CIS Benchmark is comprised of what are called "recommendations." A CIS Benchmark recommendation is a specific set of configuration guidelines developed through a consensus-based process. Each recommendation within each CIS Benchmark is associated with at least one profile level. How many recommendations will be applied depends on the desired level of system hardening.

CIS Benchmark Profiles A collection of recommendations for securing a technology or a supporting platform. Most CIS Benchmarks include at least a Level 1 and Level 2 Profile. Level 2 extends Level 1 recommendations and is not a standalone profile. Please see below for information regarding STIG Profile Levels. The Profile Definitions section in the associated CIS Benchmark provides the definitions as they pertain to the recommendations included for the technology.

Level 1 Hardened Image Benchmark Profile Considered a base recommendation that is designed to have minimal performance impact. The intent of the Level 1 profile CIS Benchmark Hardened Image is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.

Level 2 Hardened Image Benchmark Profiles Considered to be “defense in depth” and intended for environments where security is paramount. The recommendations associated with the Level 2 Hardened Images are intended for environments or use cases where security is more critical than manageability.

STIG Hardened Image Benchmark Profiles (CAT III, CAT II, CAT I) Replaces the previous Level 3. The STIG profile provides all recommendations that are STIG specific. Recommendations that overlap with other profiles, i.e., Level 1 and Level 2, are present in the STIG profile as applicable.

STIG Security Technical Implementation Guides and Security Requirements Guides for the Department of Defense (DoD) information technology systems as mandated by DODI 8500.01.

The CIS Critical Security Controls® (CIS Controls®) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. This latest version, CIS Controls v8.1, includes updated alignment to evolving industry standards and frameworks, revised asset classes and Safeguard descriptions, as well as the addition of the “Governance” security function.
