CIS Benchmark

The CIS Benchmark page provides guidelines on how to configure security options for a range of AWS services.

By leveraging the standards articulated in the CIS Benchmark for AWS, security professionals can more easily and consistently ensure that their deployments follow established best practices for compliance.


Go to the left navigation pane and choose Total Compliance > CIS Benchmark to access this feature.

CIS Benchmark report with a control expanded.

Each control and its state of compliance is listed clearly. CloudCheckr uses its Best Practice Checks as a source of data for each of the controls.

Each control is categorized under one of the following areas of compliance: Identity and Access Management, Logging, Monitoring, or Networking.

Click the Expand button to see details on the Best Practice checks associated with that control, whether it is scored (Automated) or not (Manual), its status (Correctly or Not Correctly Set), and any remediation comments.


The table describes each of the features on the CIS Benchmark page.




Level 1 and Level 2 tabs

Level 1 and Level 2 are security configuration profiles.

  • Level 1 includes controls that are practical, provide a clear security benefit, and do not limit the technology beyond acceptable means.
  • Level 2 includes controls that are intended for environments where security is paramount, acts as defense in-depth measure, and may inhibit the performance of the technology.


Each control is grouped under one of the following categories:

  • Identity and Access Management
  • Logging
  • Monitoring
  • Networking


Name and description of a control in the AWS CIS Foundation report.

Plus icon

Click to show the details about the selected control.

Minus icon

Click to hide the details about the selected control.

Best Practice Check

The name of the Best Practice Check associated with the selected control.

The color and icon of the check indicates if it is passing or failing for your deployment.

Clicking the name of the check takes you to the location and details in the Best Practice report.

Remediation Comment

Allows you to insert a message about remediation.

Submit button

Click Submit to add the remediation comment.

Set Correctly

Indicates if the control is configured correctly for the selected deployment.


Indicates if the control is scored (Automated) or not (Manual).


Allows you to toggle Yes or No to indicate if the condition is met (manual attestation).

How did we do?