Using CIS hardened images in Nerdio Manager for Enterprise

Posted on by Dominiek Verham

What’s up, everyone!

Nerdio has released Nerdio Manager for Enterprise 6.4 and it’s packed with lots of great features! In this post I’d like to highlight something really cool! Nerdio has teamed up with the Center for Internet Security (CIS) to provide hardened Windows images which you can use as a more secure image for your session hosts. Let’s find out how this works!

Introducing the Center for Internet Security

Let’s start with the Center for Information Security. This non-profit organization was founded back in 2000. It’s mission is to make the connected world a safer place by developing, validating and promoting timely best practice solutions that help people, businesses and governments protect themselves against pervasive cyber threats. It does that using various solutions, one of which is called the CIS benchmark. These benchmarks are available for download on their website (URL).  

The legends at CIS have gone one step further by creating pre-hardened images. Using these images has a lot of advantages. Just to name a few: 

  • These images comply with the CIS benchmarks so it is optimized with the cybersecurity best practices.
  • They are created using an automated process which eliminates misconfigurations that can occur if these images are created manually. 
So when should you consider to use CIS hardened images? 
In any scenario where you need to achieve compliance with the following standards:
  • DoD Cloud Computing Security Recommendation Guide (SRG)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Federal Information Security Management Act (FISMA)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • National Institute of Standards and Technology (NIST)

How great is it that Nerdio has teamed up with the Center for Internet Security so you can now use these hardened images and become a security hero yourself? 

Using the CIS hardened images in NME

Using CIS hardened images works just like other images. Let’s create a new desktop image. From NME, select Desktop images and select Add from Azure library.

Make sure to search for a CIS hardened image like this:

Before continuing on with the process, make sure to be aware of a couple of things:

  1. Using these images is a paid service. Note the [paid] tag at the end of the name. 
  2. Did you see the Level 1 reference in the name? This refers to the CIS benchmark. Level 1 is considered suitable for most environments  providing baseline security heavily impacted the user experience.
  3. Using CIS hardened images are not supported for environments where customers use Unified Application Management.
Nerdio made sure you have to be aware of these things before you can continue. At the time of writing, you will see the following notification in NME after selecting the desired CIS hardened image:

Make sure your account is member of Contributor role or Owner role on the Azure subscription. 

Is there a way to get more information on the costs?

There is! You can use Nerdio’s free cost estimator tool to get more information for your specific use case. Make sure the check the CIS hardened image checkbox in the first step:

Resources

You can find more information about CIS hardened images in NME in the following resources:

Release Notes – Nerdio Manager for Enterprise (getnerdio.com)

CIS Hardened Images (cisecurity.org)

CIS Benchmarks (cisecurity.org)

Cost estimator (getnerdio.com)

About us (cisecurity.org)

Center for Internet Security – Wikipedia

Nerdio Becomes One of the Exclusive Providers Integrating CIS Hardened Images® Directly into Its Products (cisecurity.org)

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *