This image of Microsoft Windows Server 2016 is preconfigured by CIS to the recommendations in the associated CIS Benchmark and STIG. CIS Benchmarks are vendor-agnostic, consensus-based security configuration guides both developed and accepted by government, business, industry, and academia. The STIG is the configuration standard for DOD IA and IA-enabled devices or systems.

Cloud environments and operating systems are not secure by default. Launching an image hardened according to the CIS STIG Benchmark baselines provides added security when an organization has to align with those standards. This image is hardened by CIS and is configured with the majority of the recommendations included in the free PDF version of the CIS STIG Benchmark.

The existing consensus-based CIS Microsoft Windows Server 2016 Benchmark Level 1 and Level 2 profiles, mapped to applicable STIG recommendations, are applied. A new Level 3 profile is also applied; it adds the requirements from the STIG that are not covered in the Level 1 and Level 2 profiles. Users who are applying CIS Benchmarks and need to be STIG compliant will be able to apply all 3 profiles and quickly address the gaps between the original CIS Benchmark and the STIG.

Due to the impact of applying all of the Level 2 recommendations to the STIG profile, only the Level 2 recommendations that directly map to the STIG are included. All of the Level 2 recommendations not included in Level 3 will need to be applied and assessed separately.
To learn more or access the corresponding CIS STIG Benchmark, please visit cisecurity.org. The Benchmark that is the basis for this image was developed for secure solutions that need to incorporate CIS and STIG security for Microsoft Windows Server 2016.