CIS Alibaba Cloud Linux benchmarks - Elastic Compute Service

Background information

The CIS is a renowned nonprofit organization that has been operating as an online community for decades to safeguard against cyber threats. It works with public service sectors, businesses, and academia from around the world to develop security best practice solutions for cyber defense, called benchmarks. For more information, visit the official CIS website or see CIS in Wikipedia. The CIS has published benchmarks for most Linux distributions such as Alibaba Cloud Linux, CentOS, and Ubuntu. CIS benchmarks are well recognized as important security standards for cloud-based operating systems.

The CIS certification for Alibaba Cloud Linux 2 security benchmarks was completed on August 16, 2019. Then, the CIS published CIS Aliyun Linux 2 Benchmark v1.0.0. The CIS certification for Alibaba Cloud Linux 3 security benchmarks was completed on February 6, 2022. Then, the CIS published CIS Alibaba Cloud Linux 3 Benchmark v1.0.0. Alibaba Cloud Linux is the first CIS certified operating system in China.

Introduction to CIS Alibaba Cloud Linux benchmarks

Take note of the following items about CIS Alibaba Cloud Linux benchmarks:

The CIS benchmark for each Alibaba Cloud Linux release provides specific security recommendations for more than 200 items in the following areas: initial setup, services, network configuration, logging and auditing, access, authentication, authorization, and system maintenance.
- CIS Aliyun Linux 2 Benchmark v1.0.0 includes 204 items.
- CIS Alibaba Cloud Linux 3 Benchmark v1.0.0 includes 266 items.
Each item is described from the following aspects: profile applicability, scoring information, description, rationale, impact, audit, remediation, and references. In CIS Alibaba Cloud Linux benchmarks, items are classified into different profile levels: Level 1 and Level 2.
- Level 1 items cover basic security configurations that are easy to implement and have minimal impact on performance.
- Level 2 items are suitable for high-security environments and may incur performance overheads.
Items in CIS Aliyun Linux 2 Benchmark are categorized as Scored and Not Scored based on scoring information. Items in CIS Alibaba Cloud Linux 3 Benchmark are categorized as Automated and Manual based on scoring information.
- Scored and Automated: If an item is categorized as Scored or Automated, the compliance of this item with the provided security recommendation affects the benchmark score. If this item complies with the provided security recommendation, the benchmark score is increased. If this item does not comply with the provided security recommendation, the benchmark score is decreased.
- Not Scored and Manual: If an item is categorized as Not Scored or Manual, the compliance of this item with the provided security recommendation does not affect the benchmark score. The benchmark score does not change with this item regardless of whether the item complies with the provided security recommendation.

Note When you use CIS Alibaba Cloud Linux benchmarks, you can select benchmark items based on your business requirements to improve the security of your Alibaba Cloud Linux operating systems. You can also refer to CIS Alibaba Cloud Linux benchmarks to improve the security of other compatible operating systems.

Download CIS Alibaba Cloud Linux benchmarks

The following table describes the methods that you can use to download CIS Alibaba Cloud Linux benchmarks.


Download method	Description
Download CIS Alibaba Cloud Linux benchmarks from the CIS Benchmarks page.	Visit the CIS Downloads page and download the CIS benchmark for your Alibaba Cloud Linux release. For Alibaba Cloud Linux 2 (formerly called Aliyun Linux 2), find CIS Aliyun Linux 2 Benchmark v1.0.0 and click Download PDF. For Alibaba Cloud Linux 3, find CIS Alibaba Cloud Linux 3 Benchmark v1.0.0 and click Download PDF.
Use a CIS account to download CIS Alibaba Cloud Linux benchmarks	Visit one of the following pages to download CIS Alibaba Cloud Linux benchmarks in the PDF format. Note Before you can download CIS Alibaba Cloud Linux benchmarks from the pages, you must create a CIS account and then use this account to log on to CIS WorkBench. If you already have a CIS account, use the account to log on to CIS WorkBench as prompted. If you do not have a CIS account, click Register Now! on the CIS WorkBench logon page to create an account and then use the account to log on. After you log on to CIS WorkBench, you can participate in the discussions in or the development of the CIS community. For Alibaba Cloud Linux 2 (formerly called Aliyun Linux 2), visit the CIS Aliyun Linux 2 Benchmark v1.0.0 PDF page and download the PDF file shown in the following figure. For Alibaba Cloud Linux 3, visit the CIS Alibaba Cloud Linux 3 benchmark v1.0.0 PDF page and download the PDF file shown in the following figure.
Download CIS Alibaba Cloud Linux benchmarks by email	You can specify an email account on the official CIS website and then download CIS Alibaba Cloud Linux benchmarks by email. Perform the following operations: Visit the CIS Benchmarks page. Scroll down to the section shown in the following figure, click Operating Systems, and then click Linux. Find Aliyun Linux and click Download CIS Benchmark. In the FREE BENCHMARKS section, enter your personal information and email account and click Get Free Benchmarks Now. Log on to the entered email account and check your email. An email may be sent by the CIS with a latency of several minutes. The following figure shows an example email. Click Access PDFs and find the CIS Alibaba Cloud Linux benchmark that you want to download. For Alibaba Cloud Linux 2 (formerly called Aliyun Linux 2), find CIS Aliyun Linux 2 Benchmark v1.0.0 and click Download PDF. For Alibaba Cloud Linux 3, find CIS Alibaba Cloud Linux 3 Benchmark v1.0.0 and click Download PDF. The following figure shows the page for downloading CIS Aliyun Linux 2 Benchmark v1.0.0.

References

The CIS provides instructions on how to use CIS Alibaba Cloud Linux benchmarks.