Loading controls...

Benchmark: CIS v2.0.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.


All CIS Benchmarks focus on technical configuration settings used to maintain and/or increase the security of the addressed technology, and they should be used in conjunction with other essential cyber hygiene tasks like:

  • Monitoring the base operating system for vulnerabilities and quickly updating with the latest security patches
  • Monitoring applications and libraries for vulnerabilities and quickly updating with the latest security patches In the end, the CIS Benchmarks are designed as a key component of a comprehensive cybersecurity program. This document provides prescriptive guidance for configuring security options for a subset of Amazon Web Services with an emphasis on foundational, testable, and architecture agnostic settings. Some of the specific Amazon Web Services in scope for this document include:
  • AWS Identity and Access Management (IAM)
  • IAM Access Analyzer
  • AWS Config
  • AWS CloudTrail
  • AWS CloudWatch
  • AWS Simple Notification Service (SNS)
  • AWS Simple Storage Service (S3)
  • Elastic Compute Cloud (EC2)
  • Relational Database Service (RDS)
  • To obtain the latest version of this guide, please visit https://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at BenchmarkInfo@cisecurity.org.


The following configuration profiles are defined by this Benchmark:

Level 1

Items in this profile intend to:

  • be practical and prudent;
  • provide security focused best practice hardening of a technology; and
  • limit impact to the utility of the technology beyond acceptable means.

Level 2

This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is more critical than manageability and usability
  • acts as defense in depth measure
  • may impact the utility or performance of the technology
  • may include additional licensing, cost, or addition of third party software


Browse dashboards and select CIS v2.0.0:

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check aws_compliance.benchmark.cis_v200

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_compliance.benchmark.cis_v200