CIS compliance with Ubuntu LTS
Ubuntu contains native tooling to automate compliance and auditing with the Center for Internet Security (CIS) benchmarks. The Center for Internet Security (CIS), develops the CIS benchmark documents for Ubuntu LTS releases. As these documents contain a large number of hardening rules, compliance and auditing can be very efficient when using the Ubuntu native tooling that is available to subscribers of Ubuntu Pro.
With Ubuntu 20.04 we introduce the Ubuntu Security Guide (USG) an easy to use tool for compliance and auditing that replaces our older tooling. See the following sections for more information.
Ubuntu 20.04 LTS and 22.04 LTS
- Installation of Ubuntu Security Guide
- CIS benchmark compliance
- CIS benchmark auditing
- CIS benchmark customization
Ubuntu 16.04 and 18.04 LTS
- Installation of the Ubuntu CIS tooling
- CIS benchmark compliance on Ubuntu 16.04 and 18.04
- CIS benchmark auditing on Ubuntu 16.04 and 18.04
Available CIS profiles
At the time of writing the following CIS profiles are automated with the native Ubuntu tooling.
| Ubuntu release | CIS profile version |
|---|---|
| 22.04 LTS | 1.0.0 |
| 20.04 LTS | 1.0.0 |
| 18.04 LTS | 2.0.1 |
| 16.04 LTS | 1.1.0 |
The version of the profiles is tied to the specific release they apply and are not related, nor can be compared across releases.
Tutorials
- Comply with CIS or DISA STIG on Ubuntu 20.04 with Ubuntu Security Guide
- Create a CIS-hardened “golden” image on Azure
Get the latest updates
A mailing list is used to announce patches and news related to the CIS packages and certifications.
To request to join the mailing list, please send “join” in the email body to ubuntu-certs-announce-request@lists.canonical.com.
Announcements will be sent to the email address ubuntu-certs-announce@lists.canonical.com from an “@canonical.com” email address.