Are RHEL, RHEL Atomic Gold Images and UBI images hardened to CIS Benchmark standards?

Solution Verified - Updated -


  • Red Hat Enterprise Linux (RHEL)
  • Red Hat Enterprise Linux Atomic Host
  • Red Hat Universal Base Image (UBI)


We are planning our deployment of OpenShift into AWS. Our infrastructure security requires all AWS base images used by our company to be hardened using CIS benchmark scripts. Since our subscription for OpenShift includes access to the Gold images, we want to use these so that we don't get charged for a RHEL subscription indirectly by Amazon. We therefore need to know if the gold AMIs are already hardened to CIS benchmark standard? Or do we need to do this ourselves before we use them?


The RHEL, RHEL Atomic Gold Image AMIs, and UBIs provided through the Red Hat Cloud Access program and Red Hat Ecosystem catalog are not hardened to CIS Benchmark standards.
Customers using these supported images are free to apply any CIS hardening changes to their instances that they require, but the process of CIS Benchmarking is outside the scope of support.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.