What is a CIS AWS Foundations Benchmark and How is it Useful?

No time to read? Listen to this episode here:

Before we jump into the business of the day, here are the cybersecurity news you might've missed this week:

  • Cyberattack cripples the systems of the world's largest meat supplier. JBS USA, the world's largest meat supplier, is now the target of an organized cyberattack. In a statement, JBS attested that the breach affected the servers of its Australian and North American IT systems. They noted that the backup systems were not affected, and they are actively working with an Incident Response team to swing back into operations.

  • Hackers exploit post-COVID return to offices. Hackers are celebrating the post-COVID return to offices in a classic and familiar way: by sending employees phishing emails. According to a cybersecurity report, this particularly ironic malicious email appears to have been sent from the CIO, welcoming the staff back to the office and informing them of new precautions to adhere to. The email further prompts the victims to visit a fake Microsoft SharePoint page where they are required to provide login details to "get access to files".

  • House bill tasks contractors to have vulnerability disclosure programs. The US House of Representatives will mandate all federal contractors to have vulnerability disclosure programs in place. While the bill, somewhat interestingly, will not require contractors to patch vulnerabilities in a timely manner, it will mandate them to inform a researcher of the measures required to mitigate any resulting breach.

And now to the topic of the day.

What is a CIS AWS Foundations Benchmark and How is it Useful?

The year is 2021, and cybersecurity continues to take a nosedive into a pool of hacking operations. It is noticeably a top concern for businesses, especially since many have transitioned to the cloud (in a vast majority of cases, AWS, Azure, or Google Cloud Platform) at the beginning of the pandemic last year. Unsurprisingly, between January and April of last year alone, cloud-based cyberattacks rose to 630%.

As many execs now realize, data protection is no longer a matter of convenience for an organization. Facing ever-increasing regulatory scrutiny and more targeted by cyberattacks than ever, vulnerable cloud infrastructures require specialized knowledge to secure holistically.

That’s where CIS AWS Foundations Benchmark comes in. In this article, we will discuss what it is about and its importance to your establishment.

What is a CIS AWS Foundations Benchmark?

Amazon's Center for Internet Services (CIS AWS) Foundations Benchmark is a set of compliance regulations for protecting resources linked to Amazon Web Services – one of the most popular cloud computing platforms.

AWS CIS Foundations Benchmark Brochure
Download P • 1.74MB

The benchmark provides well-detailed insights and directions in setting up and operating AWS in line with best practices for cybersecurity. Thus, if your establishment relies on cloud resources offered by AWS in particular, this benchmark is the perfect companion on your journey to securing your cloud data and infrastructure.

The Center for Internet Security (CIS) released the CIS AWS Foundations Benchmark upon recommendations by top cybersecurity industry experts, and the benchmark is actively used by both large enterprises and startups.

How is the CIS AWS Foundations Benchmark Used?

The CIS AWS Foundations Benchmark aims to provide specific standards for businesses looking to assess, implement, and develop operations within Amazon Web Services. While the benchmark is comprised of many sections, the recommendations within are particularly helpful in the following areas:

Identity and Access Management

A section of the benchmark features important security standards for Identity and Access Management (IAM) options.

This section alone covers 22 different areas, such as the correct use of the "root" account, ensuring multi-factor authentication is enabled for all users with console access, access key rotation, de-provisioning of unused credentials, and a host of password-related policy recommendations.

In a world where many attacks are carried out via privilege escalation and account takeovers, IAM is one of the key concerns of many technology leaders.


Another section of the benchmark contains directions for setting up an extensive logging functionality. Topics covered include securing CloudTrail logs via encryption with Key Management Service Customer Master Keys (KMS CMKs), S3 bucket access logging, VPC flow logging, log metric filters, logging of various events (for example, unauthorized API calls, management console sign-ins, CloudTrail configuration changes), and much more.

Extensive logging is critical not only for analytics purposes but for Cyber Incident Response and digital forensics. Reconstructing the timeline and the sequence of the malicious events allows the Cyber Incident Response Team (CIRT) to quickly establish the root cause of the incident, address the weakness exploited, and rapidly execute containment and eradication steps.


Your organization can also use the instructions within the benchmark to set up automatic alerts for access events, changes to network gateways, security group and permission changes, and more.

Needless to say, this goes a long way in reducing the time needed to identify a breach or malicious behavior carried out within your cloud infrastructure.


Finally, the benchmark provides clear instructions on preventing unauthorized access to your servers through secure shell protocol (SSH) - your CIRT members can pull this off by ensuring no security groups allow ingress traffic from to port 22. Similarly, you can prevent RDP abuse by blocking ingress traffic from to port 3389.

With the aid of the CIS AWS Foundations Benchmark assessment carried out by our team at Wembley Partners, your CIRT members will be able to detect compliance violations, enact baselines with codeless auto-remediation, as well as assess and achieve compliance in the ongoing fight against cyberattacks.

Like this content? Subscribe to our newsletter to get weekly cybersecurity insights and top news - straight to your mailbox!

37 views0 comments

Recent Posts

See All