AWSEC2-ConfigureSTIG - Amazon Systems Manager Automation runbook reference
STIG hardening component downloadsWindows STIG settingsWindows STIG version historyLinux STIG settingsLinux STIG version history
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWSEC2-ConfigureSTIG

Security Technical Implementation Guides (STIGs) are the configuration hardening standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. To make your systems compliant with STIG standards, you must install, configure, and test a variety of security settings.

Amazon EC2 provides a Systems Manager command document, AWSEC2-ConfigureSTIG, which you can use to apply STIG settings to an instance. This document helps you to quickly build compliant images for STIG standards. The STIG Systems Manager document scans for misconfigurations and runs a remediation script. It also installs InstallRoot from the Department of Defense (DoD) on Windows AMIs to install and update the DoD certificates and to remove unnecessary certificates to maintain STIG compliance. There are no additional charges for using the STIG Systems Manager document.

Note

AWSEC2-ConfigureSTIG is a command document. To search for AWSEC2-ConfigureSTIG in the Amazon Systems Manager console, select the category Command documents.

This page lists all STIGs that Amazon EC2 supports that the STIG hardening components apply to your EC2 instance.

You can choose which STIG compliance category to apply.

Compliance levels

  • High (Category I)

    The most severe risk. Includes any vulnerability that can result in loss of confidentiality, availability, or integrity.

  • Medium (Category II)

    Includes any vulnerability that can result in loss of confidentiality, availability, or integrity but the risk can be mitigated.

  • Low (Category III)

    Includes any vulnerability that degrades measures to protect against loss of confidentiality, availability, or integrity.

STIG hardening component downloads

Amazon groups STIG hardening components together into operating system related bundles for each release. Bundles are archive files that are appropriate for the target operating system where they download and run. Linux component bundles are stored as TAR files (.tgz file extension). Windows component bundles are stored as ZIP files (.zip file extension).

Amazon stores the component bundles in the Image Builder S3 STIG bucket in each Amazon Web Services Region. Use SSL/TLS to communicate with Amazon resources. We require TLS 1.2 and recommend TLS 1.3.

Important

With few exceptions, the STIG hardening components that the Systems Manager document downloads do not install third-party packages. If third-party packages are already installed on the instance, and if there are related STIGs that Amazon EC2 supports for that package, those STIGs are applied.

Patterns and examples for component storage paths and bundle file names are as follows:

Component storage path

s3://aws-windows-downloads-<region>/STIG/<bundle file name>

Component path variables
region

Amazon Web Services Region (Each Region has its own components bucket.)

bundle file name

The format is <os bundle name>_<YYYY>_Q<quarter>[_<release>].<file extension>. Note that the name has underscores between the nodes, not periods.

os bundle name

The standard name prefix for the operating system bundle is either LinuxAWSConfigureSTIG or AWSConfigureSTIG. To maintain backwards compatibility, the download for Windows doesn't include a platform prefix.

YYYY

The four digit year of the release.

quarter

Identifies the quarter of the year: 1, 2, 3, or 4.

release

Incremental number that starts at one, and increments by one for each new release. The release is not included for the first release in a quarter and is only added for subsequent releases.

file extension

Compressed file format tgz (Linux) or zip (Windows).

Example bundle file names

  • LinuxAWSConfigureSTIG_2023_Q1_2.tgz

  • AWSConfigureSTIG_2022_Q4.zip

Windows STIG settings

Amazon EC2 Windows STIG AMIs and hardening components are designed for standalone servers and apply Local Group Policy. STIG-compliant components install InstallRoot from the Department of Defense (DoD) on Windows AMIs to download, install and update the DoD certificates. They also remove unnecessary certificates to maintain STIG compliance. Currently, Amazon EC2 supports STIG baselines for the following versions of Windows Server: 2012 R2, 2016, 2019, and 2022.

This section lists current STIG settings that Amazon EC2 supports for your Windows infrastructure, followed by a version history log.

You can apply low, medium, or high STIG settings.

Windows STIG Low (Category III)

The following list contains STIG settings that Amazon EC2 supports to your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting, and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

  • Windows Server 2022 STIG Version 2 Release 2

    V-254335, V-254336, V-254337, V-254338, V-254351, V-254357, V-254363, and V-254481

  • Windows Server 2019 STIG Version 3 Release 2

    V-205691, V-205819, V-205858, V-205859, V-205860, V-205870, V-205871, and V-205923

  • Windows Server 2016 STIG Version 2 Release 9

    V-224916, V-224917, V-224918, V-224919, V-224931, V-224942, and V-225060

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

    V-225537, V-225536, V-225526, V-225525, V-225514, V-225511, V-225490, V-225489, V-225488, V-225487, V-225485, V-225484, V-225483, V-225482, V-225481, V-225480, V-225479, V-225476, V-225473, V-225468, V-225462, V-225460, V-225459, V-225412, V-225394, V-225392, V-225376, V-225363, V-225362, V-225360, V-225359, V-225358, V-225357, V-225355, V-225343, V-225342, V-225336, V-225335, V-225334, V-225333, V-225332, V-225331, V-225330, V-225328, V-225327, V-225324, V-225319, V-225318, and V-225250

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

    No STIG settings apply to the Microsoft .NET Framework for Category III vulnerabilities.

  • Windows Firewall STIG Version 2 Release 2

    V-241994, V-241995, V-241996, V-241999, V-242000, V-242001, V-242006, V-242007, and V-242008

  • Internet Explorer 11 STIG Version 2 Release 5

    V-223016, V-223056, and V-223078

  • Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

    V-235727, V-235731, V-235751, V-235752, and V-235765

Windows STIG Medium (Category II)

The following list contains STIG settings that Amazon EC2 supports to your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting, and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

Note

The Windows STIG Medium category includes all of the listed STIG hardening settings that apply to Windows STIG low (Category III), in addition to the STIG hardening settings that Amazon EC2 supports for Category II vulnerabilities.

  • Windows Server 2022 STIG Version 2 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-254247, V-254265, V-254269, V-254270, V-254271, V-254272, V-254273, V-254274, V-254276, V-254277, V-254278, V-254285, V-254286, V-254287, V-254288, V-254289, V-254290, V-254291, V-254292, V-254300, V-254301, V-254302, V-254303, V-254304, V-254305, V-254306, V-254307, V-254308, V-254309, V-254310, V-254311, V-254312, V-254313, V-254314, V-254315, V-254316, V-254317, V-254318, V-254319, V-254320, V-254321, V-254322, V-254323, V-254324, V-254325, V-254326, V-254327, V-254328, V-254329, V-254330, V-254331, V-254332, V-254333, V-254334, V-254339, V-254341, V-254342, V-254344, V-254345, V-254346, V-254347, V-254348, V-254349, V-254350, V-254355, V-254356, V-254356, V-254358, V-254359, V-254360, V-254361, V-254362, V-254364, V-254365, V-254366, V-254367, V-254368, V-254369, V-254370, V-254371, V-254372, V-254373, V-254375, V-254376, V-254377, V-254379, V-254380, V-254382, V-254383, V-254384, V-254431, V-254432, V-254433, V-254434, V-254435, V-254436, V-254438, V-254439, V-254442, V-254443, V-254444, V-254445, V-254449, V-254450, V-254451, V-254452, V-254453, V-254454, V-254455, V-254456, V-254459, V-254460, V-254461, V-254462, V-254463, V-254464, V-254468, V-254470, V-254471, V-254472, V-254473, V-254476, V-254477, V-254478, V-254479, V-254480, V-254482, V-254483, V-254484, V-254485, V-254486, V-254487, V-254488, V-254489, V-254490, V-254493, V-254494, V-254495, V-254497, V-254499, V-254501, V-254502, V-254503, V-254504, V-254505, V-254507, V-254508, V-254509, V-254510, V-254511, and V-254512

  • Windows Server 2019 STIG Version 3 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-205625, V-205626, V-205627, V-205629, V-205630, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205643, V-205644, V-205648, V-205649, V-205650, V-205651, V-205652, V-205655, V-205656, V-205659, V-205660, V-205662, V-205671, V-205672, V-205673, V-205675, V-205676, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205692, V-205693, V-205694, V-205697, V-205698, V-205708, V-205709, V-205712, V-205714, V-205716, V-205717, V-205718, V-205719, V-205720, V-205722, V-205729, V-205730, V-205733, V-205747, V-205751, V-205752, V-205754, V-205756, V-205758, V-205759, V-205760, V-205761, V-205762, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205795, V-205796, V-205797, V-205798, V-205801, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205830, V-205832, V-205833, V-205834, V-205835, V-205836, V-205837, V-205838, V-205839, V-205840, V-205841, V-205842, V-205861, V-205863, V-205865, V-205866, V-205867, V-205868, V-205869, V-205872, V-205873, V-205874, V-205911, V-205912, V-205915, V-205916, V-205917, V-205918, V-205920, V-205921, V-205922, V-205924, V-205925, V-236001, and V-257503

  • Windows Server 2016 STIG Version 2 Release 9

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-224850, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224887, V-224888, V-224889, V-224890, V-224891, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224898, V-224899, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224920, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224955, V-224956, V-224957, V-224959, V-224960, V-224962, V-224963, V-225010, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225021, V-225022, V-225023, V-225024, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225047, V-225049, V-225050, V-225051, V-225052, V-225055, V-225056, V-225057, V-225058, V-225059, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225069, V-225072, V-225073, V-225074, V-225076, V-225078, V-225080, V-225081, V-225082, V-225083, V-225084, V-225086, V-225087, V-225088, V-225089, V-225092, V-225093, V-236000, and V-257502

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-225574, V-225573, V-225572, V-225571, V-225570, V-225569, V-225568, V-225567, V-225566, V-225565, V-225564, V-225563, V-225562, V-225561, V-225560, V-225559, V-225558, V-225557, V-225555, V-225554, V-225553, V-225551, V-225550, V-225549, V-225548, V-225546, V-225545, V-225544, V-225543, V-225542, V-225541, V-225540, V-225539, V-225538, V-225535, V-225534, V-225533, V-225532, V-225531, V-225530, V-225529, V-225528, V-225527, V-225524, V-225523, V-225522, V-225521, V-225520, V-225519, V-225518, V-225517, V-225516, V-225515, V-225513, V-225510, V-225509, V-225508, V-225506, V-225504, V-225503, V-225502, V-225501, V-225500, V-225494, V-225486, V-225478, V-225477, V-225475, V-225474, V-225472, V-225471, V-225470, V-225469, V-225464, V-225463, V-225461, V-225458, V-225457, V-225456, V-225455, V-225454, V-225453, V-225452, V-225448, V-225443, V-225442, V-225441, V-225415, V-225414, V-225413, V-225411, V-225410, V-225409, V-225408, V-225407, V-225406, V-225405, V-225404, V-225402, V-225401, V-225400, V-225398, V-225397, V-225395, V-225393, V-225391, V-225389, V-225386, V-225385, V-225384, V-225383, V-225382, V-225381, V-225380, V-225379, V-225378, V-225377, V-225375, V-225374, V-225373, V-225372, V-225371, V-225370, V-225369, V-225368, V-225367, V-225356, V-225353, V-225352, V-225351, V-225350, V-225349, V-225348, V-225347, V-225346, V-225345, V-225344, V-225341, V-225340, V-225339, V-225338, V-225337, V-225329, V-225326, V-225325, V-225317, V-225316, V-225315, V-225314, V-225305, V-225304, V-225303, V-225302, V-225301, V-225300, V-225299, V-225298, V-225297, V-225296, V-225295, V-225294, V-225293, V-225292, V-225291, V-225290, V-225289, V-225288, V-225287, V-225286, V-225285, V-225284, V-225283, V-225282, V-225281, V-225280, V-225279, V-225278, V-225277, V-225276, V-225275, V-225273, V-225272, V-225271, V-225270, V-225269, V-225268, V-225267, V-225266, V-225265, V-225264, V-225263, V-225261, V-225260, V-225259, and V-225239

  • Microsoft .NET Framework STIG 4.0 Version 2 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-225238

  • Windows Firewall STIG Version 2 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-241989, V-241990, V-241991, V-241993, V-241993, V-241998, V-241998, V-242003, and V-242003

  • Internet Explorer 11 STIG Version 2 Release 5

    Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

    V-223015, V-223017, V-223018, V-223019, V-223020, V-223021, V-223022, V-223023, V-223024, V-223025, V-223026, V-223027, V-223028, V-223029, V-223030, V-223031, V-223032, V-223033, V-223034, V-223035, V-223036, V-223037, V-223038, V-223039, V-223040, V-223041, V-223042, V-223043, V-223044, V-223045, V-223046, V-223048, V-223049, V-223050, V-223051, V-223052, V-223053, V-223054, V-223055, V-223057, V-223058, V-223059, V-223060, V-223061, V-223062, V-223063, V-223064, V-223065, V-223066, V-223067, V-223068, V-223069, V-223070, V-223071, V-223072, V-223073, V-223074, V-223075, V-223076, V-223077, V-223079, V-223080, V-223081, V-223082, V-223083, V-223084, V-223085, V-223086, V-223087, V-223088, V-223089, V-223090, V-223091, V-223092, V-223093, V-223094, V-223095, V-223096, V-223097, V-223098, V-223099, V-223100, V-223101, V-223102, V-223103, V-223104, V-223105, V-223106, V-223107, V-223108, V-223109, V-223110, V-223111, V-223112, V-223113, V-223114, V-223115, V-223116, V-223117, V-223118, V-223119, V-223120, V-223121, V-223122, V-223123, V-223124, V-223125, V-223126, V-223127, V-223128, V-223129, V-223130, V-223131, V-223132, V-223133, V-223134, V-223135, V-223136, V-223137, V-223138, V-223139, V-223140, V-223141, V-223142, V-223143, V-223144, V-223145, V-223146, V-223147, V-223148, V-223149, V-250540, and V-250541

  • Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

    V-235720, V-235721, V-235723, V-235724, V-235725, V-235726, V-235728, V-235729, V-235730, V-235732, V-235733, V-235734, V-235735, V-235736, V-235737, V-235738, V-235739, V-235740, V-235741, V-235742, V-235743, V-235744, V-235745, V-235746, V-235747, V-235748, V-235749, V-235750, V-235754, V-235756, V-235760, V-235761, V-235763, V-235764, V-235766, V-235767, V-235768, V-235769, V-235770, V-235771, V-235772, V-235773, V-235774, and V-246736

  • Microsoft Defender STIG Version 2 Release 4

    V-213427, V-213429, V-213430, V-213431, V-213432, V-213433, V-213434, V-213435, V-213436, V-213437, V-213438, V-213439, V-213440, V-213441, V-213442, V-213443, V-213444, V-213445, V-213446, V-213447, V-213448, V-213449, V-213450, V-213451, V-213455, V-213464, V-213465, and V-213466

Windows STIG High (Category I)

The following list contains STIG settings that Amazon EC2 supports to your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting, and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

Note

The Windows STIG High category includes all of the listed STIG hardening settings that apply for Windows STIG Medium and Low categories, in addition to the STIG hardening settings that Amazon EC2 supports for Category I vulnerabilities.

  • Windows Server 2022 STIG Version 2 Release 2

    V-254293, V-254352, V-254353, V-254354, V-254374, V-254378, V-254381, V-254446, V-254465, V-254466, V-254467, V-254469, V-254474, V-254475, and V-254500

  • Windows Server 2019 STIG Version 3 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-205653, V-205654, V-205711, V-205713, V-205724, V-205725, V-205757, V-205802, V-205804, V-205805, V-205806, V-205849, V-205908, V-205913, V-205914, and V-205919

  • Windows Server 2016 STIG Version 2 Release 9

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-224874, V-224932, V-224933, V-224934, V-224954, V-224958, V-224961, V-225025, V-225044, V-225045, V-225046, V-225048, V-225053, V-225054, and V-225079

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-225556, V-225552, V-225547, V-225507, V-225505, V-225498, V-225497, V-225496, V-225493, V-225492, V-225491, V-225449, V-225444, V-225399, V-225396, V-225390, V-225366, V-225365, V-225364, V-225354, and V-225274

  • Microsoft .NET Framework STIG 4.0 Version 2 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities for the Microsoft .NET Framework. No additional STIG settings apply for Category I vulnerabilities.

  • Windows Firewall STIG Version 2 Release 2

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-241992, V-241997, and V-242002

  • Internet Explorer 11 STIG Version 2 Release 5

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-252910

  • Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-235758 and V-235759

  • Microsoft Defender STIG Version 2 Release 4

    Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

    V-213426, V-213426, V-213452, V-213452, V-213452, V-213453, V-213453, and V-213453

Windows STIG version history

This section logs Windows component version history for the quarterly STIG updates. To see the changes and published versions for a quarter, choose the title to expand the information.

Updated STIGS for Internet Explorer 11 STIG Version 2 Release 5 for all STIG components for the 2025 first quarter release.

  • STIG-Build-Windows-Low version 2025.1.x

  • STIG-Build-Windows-Medium version 2025.1.x

  • STIG-Build-Windows-High version 2025.1.x

Updated STIG versions and applied STIGS for the 2024 Q4 release as follows:

STIG-Build-Windows-Low version 2024.4.0

  • Windows Server 2022 STIG Version 2 Release 2

  • Windows Server 2019 STIG Version 3 Release 2

  • Windows Server 2016 STIG Version 2 Release 9

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

  • Windows Firewall STIG Version 2 Release 2

  • Internet Explorer 11 STIG Version 2 Release 5

  • Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

STIG-Build-Windows-Medium version 2024.4.0

  • Windows Server 2022 STIG Version 2 Release 2

  • Windows Server 2019 STIG Version 3 Release 2

  • Windows Server 2016 STIG Version 2 Release 9

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

  • Windows Firewall STIG Version 2 Release 2

  • Internet Explorer 11 STIG Version 2 Release 5

  • Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

  • Defender STIG Version 2 Release 4

STIG-Build-Windows-High version 2024.4.0

  • Windows Server 2022 STIG Version 2 Release 2

  • Windows Server 2019 STIG Version 3 Release 2

  • Windows Server 2016 STIG Version 2 Release 9

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

  • Windows Firewall STIG Version 2 Release 2

  • Internet Explorer 11 STIG Version 2 Release 5

  • Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

  • Defender STIG Version 2 Release 4

There were no changes for Windows component STIGS for the 2024 third quarter release.

There were no changes for Windows component STIGS for the 2024 second quarter release.

There were no changes for Windows component STIGS for the 2024 first quarter release.

There were no changes for Windows component STIGS for the 2023 fourth quarter release.

There were no changes for Windows component STIGS for the 2023 third quarter release.

There were no changes for Windows component STIGS for the 2023 second quarter release.

There were no changes for Windows component STIGS for the 2023 first quarter release.

Updated STIG versions and applied STIGS for the 2022 Q4 release as follows:

STIG-Build-Windows-Low version 2022.4.0

  • Windows Server 2022 STIG Version 1 Release 1

  • Windows Server 2019 STIG Version 2 Release 5

  • Windows Server 2016 STIG Version 2 Release 5

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 2 Release 3

  • Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)

STIG-Build-Windows-Medium version 2022.4.0

  • Windows Server 2022 STIG Version 1 Release 1

  • Windows Server 2019 STIG Version 2 Release 5

  • Windows Server 2016 STIG Version 2 Release 5

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 2 Release 3

  • Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)

  • Defender STIG Version 2 Release 4 (Windows Server 2022 only)

STIG-Build-Windows-High version 2022.4.0

  • Windows Server 2022 STIG Version 1 Release 1

  • Windows Server 2019 STIG Version 2 Release 5

  • Windows Server 2016 STIG Version 2 Release 5

  • Windows Server 2012 R2 MS STIG Version 3 Release 5

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 2

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 2 Release 3

  • Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)

  • Defender STIG Version 2 Release 4 (Windows Server 2022 only)

There were no changes for Windows component STIGS for the 2022 third quarter release.

Updated STIG versions and applied STIGS for the 2022 Q2 release.

STIG-Build-Windows-Low version 1.5.0

  • Windows Server 2019 STIG Version 2 Release 4

  • Windows Server 2016 STIG Version 2 Release 4

  • Windows Server 2012 R2 MS STIG Version 3 Release 3

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 1 Release 19

STIG-Build-Windows-Medium version 1.5.0

  • Windows Server 2019 STIG Version 2 Release 4

  • Windows Server 2016 STIG Version 2 Release 4

  • Windows Server 2012 R2 MS STIG Version 3 Release 3

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 1 Release 19

STIG-Build-Windows-High version 1.5.0

  • Windows Server 2019 STIG Version 2 Release 4

  • Windows Server 2016 STIG Version 2 Release 4

  • Windows Server 2012 R2 MS STIG Version 3 Release 3

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 1 Release 19

There were no changes for Windows component STIGS for the 2022 first quarter release.

Updated STIG versions and applied STIGS for the 2021 fourth quarter release.

STIG-Build-Windows-Low version 1.5.0

  • Windows Server 2019 STIG Version 2 Release 3

  • Windows Server 2016 STIG Version 2 Release 3

  • Windows Server 2012 R2 MS STIG Version 3 Release 3

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 1 Release 19

STIG-Build-Windows-Medium version 1.5.0

  • Windows Server 2019 STIG Version 2 Release 3

  • Windows Server 2016 STIG Version 2 Release 3

  • Windows Server 2012 R2 MS STIG Version 3 Release 3

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 1 Release 19

STIG-Build-Windows-High version 1.5.0

  • Windows Server 2019 STIG Version 2 Release 3

  • Windows Server 2016 STIG Version 2 Release 3

  • Windows Server 2012 R2 MS STIG Version 3 Release 3

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 2 Release 1

  • Internet Explorer 11 STIG Version 1 Release 19

Updated STIG versions and applied STIGS for the 2021 third quarter release.

STIG-Build-Windows-Low version 1.4.0

  • Windows Server 2019 STIG Version 2 Release 2

  • Windows Server 2016 STIG Version 2 Release 2

  • Windows Server 2012 R2 MS STIG Version 3 Release 2

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 1 Release 7

  • Internet Explorer 11 STIG Version 1 Release 19

STIG-Build-Windows-Medium version 1.4.0

  • Windows Server 2019 STIG Version 2 Release 2

  • Windows Server 2016 STIG Version 2 Release 2

  • Windows Server 2012 R2 MS STIG Version 3 Release 2

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 1 Release 7

  • Internet Explorer 11 STIG Version 1 Release 19

STIG-Build-Windows-High version 1.4.0

  • Windows Server 2019 STIG Version 2 Release 2

  • Windows Server 2016 STIG Version 2 Release 2

  • Windows Server 2012 R2 MS STIG Version 3 Release 2

  • Microsoft .NET Framework 4.0 STIG Version 2 Release 1

  • Windows Firewall STIG Version 1 Release 7

  • Internet Explorer 11 STIG Version 1 Release 19

Linux STIG settings

This section contains information about the Linux STIG hardening settings that Amazon EC2 supports, followed by a version history log. If the Linux distribution doesn't have STIG hardening settings of its own, Amazon EC2 uses RHEL settings. Supported STIG hardening settings apply to Amazon EC2 Linux AMIs and components based on the Linux distribution, as follows:

  • Red Hat Enterprise Linux (RHEL) 7 STIG settings

    • RHEL 7

    • CentOS 7

    • Amazon Linux 2 (AL2)

  • RHEL 8 STIG settings

    • RHEL 8

    • CentOS 8

    • Amazon Linux 2023 (AL 2023)

  • RHEL 9 STIG settings

    • RHEL 9

    • CentOS Stream 9

Linux STIG Low (Category III)

The following list contains STIG settings that Amazon EC2 supports to your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting, and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

RHEL 7 STIG Version 3 Release 14

  • RHEL 7/CentOS 7/AL2

    V-204452, V-204576, and V-204605

RHEL 8 STIG Version 2 Release 2

  • RHEL 8/CentOS 8/AL 2023

    V-230241, V-230281, V-244527, V-230269, V-230270, V-230285, V-230346, V-230381, V-230395, V-230491, V-230468, V-230469, V-230485, V-230486, V-230494, V-230495, V-230496, V-230497, V-230498, V-230499, and V-230253

RHEL 9 STIG Version 2 Release 3

  • RHEL 9/CentOS Stream 9

    V-257782, V-257824, V-258138, V-258037, V-257880, V-257795, V-257796, V-258173, V-258069, V-258076, V-258067, V-257946, and V-257947

Ubuntu 18.04 STIG Version 2 Release 15

V-219163, V-219164, V-219165, V-219172, V-219173, V-219174, V-219175, V-219178, V-219180, V-219210, V-219301, V-219327, V-219332, and V-219333

Ubuntu 20.04 STIG Version 2 Release 2

V-238203, V-238202, V-238234, V-238235, V-238237, V-238323, V-238373, V-238221, V-238222, V-238223, V-238224, V-238226, V-238362, V-238357, and V-238308

Ubuntu 22.04 STIG Version 2 Release 3

V-260479, V-260480, V-260481, V-260521, V-260520, V-260476, V-260472,V-260549, V-260550, V-260551, V-260552, V-260581, and V-260596

Ubuntu 24.04 STIG Version 1 Release 1

V-270645, V-270646, V-270664, V-270820, V-270677, V-270690, V-270706, V-270710, V-270695, V-270749, V-270752, and V-270818

Linux STIG Medium (Category II)

The following list contains STIG settings that Amazon EC2 supports to your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting, and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

Note

The Linux STIG Medium category includes all of the listed STIG hardening settings that apply for Linux STIG Low (Category III), in addition to the STIG hardening settings that Amazon EC2 supports for Category II vulnerabilities.

RHEL 7 STIG Version 3 Release 15

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  • RHEL 7/CentOS 7/AL2

    V-204405, V-204406, V-204407, V-204408, V-204409, V-204410, V-204411, V-204412, V-204413, V-204414, V-204415, V-204416, V-204417, V-204418, V-204422, V-204423, V-204426, V-204427, V-204431, V-204434, V-204435, V-204437, V-204449, V-204450, V-204451, V-204457, V-204466, V-204490, V-204491, V-204503, V-204507, V-204508, V-204510, V-204511, V-204512, V-204514, V-204515, V-204516, V-204517, V-204521, V-204524, V-204531, V-204536, V-204537, V-204538, V-204539, V-204540, V-204541, V-204542, V-204543, V-204544, V-204545, V-204546, V-204547, V-204548, V-204549, V-204550, V-204551, V-204552, V-204553, V-204554, V-204555, V-204556, V-204557, V-204558, V-204559, V-204560, V-204562, V-204563, V-204564, V-204565, V-204566, V-204567, V-204568, V-204572, V-204578, V-204579, V-204584, V-204585, V-204587, V-204588, V-204589, V-204590, V-204591, V-204592, V-204593, V-204595, V-204596, V-204597, V-204598, V-204599, V-204600, V-204601, V-204602, V-204609, V-204610, V-204611, V-204612, V-204613, V-204614, V-204615, V-204616, V-204617, V-204619, V-204622, V-204625, V-204630, V-204631, V-204633, V-233307, V-237634, V-237635, V-251703, V-255925, V-255927, V-255928, and V-256970

RHEL 8 STIG Version 2 Release 2

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  • RHEL 8/CentOS 8/AL 2023

    V-230238, V-230239, V-230257, V-230258, V-230259, V-230262, V-230273, V-230275, V-230316, V-230325, V-230366, V-230478, V-230488, V-230489, V-230505, V-230523, V-230550, V-230559, V-230560, V-230561, V-237640, V-244547, V-256974, V-230525, V-244544, V-230248, V-230249, V-230250, V-230245, V-230246, V-230247, V-230397, V-230399, V-230400, V-230401, V-244543, V-230228, V-230298, V-230387, V-230482, V-230231, V-230233, V-230324, V-230365, V-230370, V-230373, V-230378, V-230383, V-230236, V-230314, V-230315, V-244523, V-257258, V-230266, V-230267, V-230268, V-230280, V-230310, V-230311, V-230312, V-230502, V-230532, V-230535, V-230536, V-230537, V-230538, V-230539, V-230540, V-230541, V-230542, V-230543, V-230544, V-230545, V-230546, V-230547, V-230548, V-230549, V-244550, V-244551, V-244552, V-244553, V-244554, V-250317, V-251718, V-230237, V-230313, V-230356, V-230357, V-230358, V-230359, V-230360, V-230361, V-230362, V-230363, V-230368, V-230369, V-230375, V-230376, V-230377, V-244524, V-244533, V-251713, V-251717, V-251714, V-251715, V-251716, V-230332, V-230333, V-230335, V-230337, V-230339, V-230341, V-230343, V-230345, V-230240, V-230282, V-250315, V-250316, V-230255, V-230277, V-230278, V-230348, V-230353, V-230386, V-230390, V-230392, V-230394, V-230396, V-230393, V-230398, V-230402, V-230403, V-230404, V-230405, V-230406, V-230407, V-230408, V-230409, V-230410, V-230411, V-230412, V-230413, V-230418, V-230419, V-230421, V-230422, V-230423, V-230424, V-230425, V-230426, V-230427, V-230428, V-230429, V-230430, V-230431, V-230432, V-230433, V-230434, V-230435, V-230436, V-230437, V-230438, V-230439, V-230444, V-230446, V-230447, V-230448, V-230449, V-230455, V-230456, V-230462, V-230463, V-230464, V-230465, V-230466, V-230467, V-230471, V-230472, V-230473, V-230474, V-230480, V-230483, V-244542, V-230503, V-230507, V-244525, V-230244, V-230286, V-230287, V-230288, V-230290, V-230291, V-230296, V-230330, V-230382, V-230526, V-230527, V-230555, V-230556, V-244526, V-244528, V-237642, V-237643, and V-251711

RHEL 9 STIG Version 2 Release 3

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  • RHEL 9/CentOS Stream 9

    V-257981, V-257780, V-257825, V-257827, V-257828, V-257829, V-257830, V-257831, V-257832, V-257833, V-257834, V-257836, V-257838, V-257839, V-257840, V-257841, V-257842, V-257882, V-257883, V-257884, V-257885, V-257889, V-257890, V-257891, V-257892, V-257893, V-257894, V-257895, V-257896, V-257897, V-257898, V-257899, V-257900, V-257901, V-257902, V-257903, V-257904, V-257905, V-257906, V-257907, V-257908, V-257909, V-257910, V-257911, V-257912, V-257913, V-257914, V-257915, V-257918, V-257919, V-257920, V-257921, V-257922, V-257923, V-257928, V-257929, V-257930, V-257934, V-257935, V-257943, V-257948, V-257954, V-257978, V-257980, V-258035, V-258041, V-258046, V-258052, V-258063, V-258068, V-258081, V-258082, V-258083, V-258089, V-258120, V-258124, V-258126, V-258140, V-258141, V-258151, V-258234, V-257886, V-257916, V-257917, V-257952, V-257936, V-257939, V-257940, V-258036, V-258038, V-257887, V-257924, V-257925, V-258145, V-258152, V-258153, V-258154, V-258156, V-258157, V-258158, V-258159, V-258160, V-258161, V-258162, V-258163, V-258164, V-258165, V-258166, V-258167, V-258168, V-258169, V-258170, V-258171, V-258172, V-258176, V-258177, V-258178, V-258179, V-258180, V-258181, V-258182, V-258183, V-258184, V-258185, V-258186, V-258187, V-258188, V-258189, V-258190, V-258191, V-258192, V-258193, V-258194, V-258195, V-258196, V-258197, V-258198, V-258199, V-258200, V-258201, V-258202, V-258203, V-258204, V-258205, V-258206, V-258207, V-258208, V-258209, V-258210, V-258211, V-258212, V-258213, V-258214, V-258215, V-258216, V-258217, V-258218, V-258219, V-258220, V-258221, V-258222, V-258223, V-258224, V-258225, V-258226, V-258227, V-258228, V-258229, V-257781, V-257783, V-257786, V-257797, V-257798, V-257799, V-257800, V-257801, V-257802, V-257803, V-257809, V-257810, V-257811, V-257812, V-257813, V-257815, V-257816, V-257942, V-257957, V-257958, V-257959, V-257960, V-257961, V-257962, V-257963, V-257964, V-257965, V-257966, V-257967, V-257968, V-257969, V-257970, V-257971, V-257972, V-257973, V-257974, V-257975, V-257976, V-257977, V-258077, V-258128, V-258129, V-258043, V-258049, V-258071, V-258072, V-258073, V-258074, V-258075, V-258104, V-258105, V-258107, V-258108, V-258109, V-258110, V-258111, V-258117, V-258119, V-257979, V-257982, V-257983, V-257985, V-257987, V-257988, V-257992, V-257993, V-257994, V-257995, V-257996, V-257997, V-257998, V-257999, V-258000, V-258001, V-258002, V-258003, V-258004, V-258005, V-258006, V-258007, V-258008, V-258009, V-258010, V-258011, V-258130, V-257814, V-258054, V-258055, V-258056, V-258057, V-258060, V-258070, V-258080, V-258088, V-258091, V-258092, V-258093, V-258095, V-258097, V-258098, V-258099, V-258100, V-258101, V-258102, V-258103, V-258112, V-258113, V-258114, V-258115, V-258116, V-258118, V-258233, V-257951, V-257953, V-258142, V-258144, V-258146, V-258147, V-258148, V-258150, V-258064, V-258065, V-258066, V-258232, V-258237, V-258239, V-258240, V-257788, V-257790, V-257791, V-257792, V-257793, V-257794, V-257817, V-258175, V-257804, V-257805, V-257806, V-257807, V-257808, V-258034, V-258039, V-257888, V-257926, V-257927, V-257933, V-258084, V-258085, V-257949, V-258040, V-257818, V-257849, V-258122, V-258123, V-258133, V-257944, V-258028, V-258079, V-258125, and V-258137

Ubuntu 18.04 STIG Version 2 Release 15

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-219149, V-219155, V-219156, V-219160, V-219166, V-219168, V-219176, V-219181, V-219184, V-219186, V-219188, V-219189, V-219190, V-219191, V-219192, V-219193, V-219194, V-219195, V-219196, V-219197, V-219198, V-219199, V-219200, V-219201, V-219202, V-219203, V-219204, V-219205, V-219206, V-219207, V-219208, V-219209, V-219213, V-219214, V-219215, V-219216, V-219217, V-219218, V-219219, V-219220, V-219221, V-219222, V-219223, V-219224, V-219225, V-219226, V-219227, V-219228, V-219229, V-219230, V-219231, V-219232, V-219233, V-219234, V-219235, V-219236, V-219238, V-219239, V-219240, V-219241, V-219242, V-219243, V-219244, V-219250, V-219254, V-219257, V-219263, V-219264, V-219265, V-219266, V-219267, V-219268, V-219269, V-219270, V-219271, V-219272, V-219273, V-219274, V-219275, V-219276, V-219277, V-219279, V-219281, V-219287, V-219291, V-219297, V-219298, V-219299, V-219300, V-219303, V-219304, V-219306, V-219309, V-219310, V-219311, V-219312, V-219315, V-219318, V-219319, V-219323, V-219326, V-219328, V-219330, V-219331, V-219335, V-219336, V-219337, V-219338, V-219339, V-219342, V-219344, V-233779, V-233780, and V-255906

Ubuntu 20.04 STIG Version 2 Release 2

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-238200, V-238205, V-238207, V-238231, V-238329, V-238337, V-238339, V-238340, V-238344, V-238345, V-238346, V-238347, V-238348, V-238349, V-238350, V-238351, V-238352, V-238371, V-238376, V-238377, V-238378, V-238209, V-238325, V-238330, V-238333, V-238369, V-238230, V-238338, V-238341, V-238342, V-238343, V-238324, V-238353, V-238228, V-238225, V-238227, V-238299, V-238238, V-238239, V-238240, V-238241, V-238242, V-238244, V-238245, V-238246, V-238247, V-238248, V-238249, V-238250, V-238251, V-238252, V-238253, V-238254, V-238255, V-238256, V-238257, V-238258, V-238264, V-238268, V-238271, V-238277, V-238278, V-238279, V-238280, V-238281, V-238282, V-238283, V-238284, V-238285, V-238286, V-238287, V-238288, V-238289, V-238290, V-238291, V-238292, V-238293, V-238294, V-238295, V-238297, V-238300, V-238301, V-238302, V-238304, V-238309, V-238310, V-238315, V-238316, V-238317, V-238318, V-238319, V-238320, V-251505, V-238360, V-238210, V-238211, V-238212, V-238213, V-238220, V-255912, V-238355, V-238236, V-238303, V-238356, V-238359, V-238370, V-238334, and V-238232

Ubuntu 22.04 STIG Version 2 Release 3

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-260546, V-260473, V-260474, V-260478, V-260485, V-260486, V-260487, V-260488, V-260489, V-260490, V-260495, V-260496, V-260497, V-260498, V-260499, V-260500, V-260508, V-260513, V-260522, V-260540, V-260542, V-260543, V-260547, V-260554, V-260572, V-260590, V-260475, V-260491, V-260510, V-260511, V-260492, V-260493, V-260494, V-260507, V-260591, V-260594, V-260597, V-260598, V-260599, V-260600, V-260601, V-260602, V-260603, V-260604, V-260605, V-260606, V-260607, V-260608, V-260609, V-260610, V-260611, V-260612, V-260613, V-260614, V-260615, V-260616, V-260617, V-260618, V-260619, V-260620, V-260621, V-260622, V-260623, V-260624, V-260625, V-260626, V-260627, V-260628, V-260629, V-260630, V-260631, V-260632, V-260633, V-260634, V-260635, V-260636, V-260637, V-260638, V-260639, V-260640, V-260641, V-260642, V-260643, V-260644, V-260645, V-260646, V-260647, V-260648, V-260649, V-260471, V-260514, V-260553, V-260573, V-260576, V-260574, V-260560, V-260561, V-260562, V-260563, V-260564, V-260565, V-260566, V-260567, V-260569, V-260527, V-260528, V-260530, V-260533, V-260534, V-260575, V-260505, V-260506, V-260512, V-260582, V-260584, V-260585, V-260586, V-260477, V-260545, V-260555, V-260556, V-260557, V-260509, V-260588, V-260589, V-260537, V-260538, and V-260535

Ubuntu 24.04 STIG Version 1 Release 1

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-270649, V-270651, V-270652, V-270653, V-270654, V-270656, V-270657, V-270659, V-270660, V-270661, V-270662, V-270663, V-270669, V-270672, V-270673, V-270674, V-270676, V-270678, V-270679, V-270680, V-270681, V-270683, V-270684, V-270685, V-270686, V-270687, V-270688, V-270689, V-270692, V-270693, V-270696, V-270697, V-270698, V-270699, V-270700, V-270701, V-270702, V-270703, V-270704, V-270705, V-270709, V-270715, V-270716, V-270718, V-270720, V-270721, V-270722, V-270723, V-270724, V-270725, V-270726, V-270727, V-270728, V-270729, V-270730, V-270731, V-270732, V-270733, V-270737, V-270739, V-270740, V-270741, V-270742, V-270743, V-270746, V-270750, V-270753, V-270755, V-270756, V-270757, V-270758, V-270759, V-270760, V-270765, V-270766, V-270767, V-270768, V-270769, V-270770, V-270771, V-270772, V-270773, V-270775, V-270776, V-270777, V-270778, V-270779, V-270780, V-270781, V-270782, V-270783, V-270784, V-270785, V-270786, V-270787, V-270788, V-270789, V-270790, V-270791, V-270792, V-270793, V-270794, V-270795, V-270796, V-270797, V-270798, V-270799, V-270800, V-270801, V-270802, V-270803, V-270804, V-270805, V-270806, V-270807, V-270808, V-270809, V-270810, V-270811, V-270812, V-270813, V-270814, V-270815, V-270821, V-270822, V-270823, V-270824, V-270825, V-270826, V-270827, V-270828, V-270829, V-270830, V-270831, and V-270832

Linux STIG High (Category I)

The following list contains STIG settings that Amazon EC2 supports to your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting, and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

Note

The Linux STIG High category includes all of the listed STIG hardening settings that apply for Linux STIG Medium and Low categories, in addition to the STIG hardening settings that Amazon EC2 supports for Category I vulnerabilities.

RHEL 7 STIG Version 3 Release 15

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  • RHEL 7/CentOS 7/AL2

    V-204424, V-204425, V-204442, V-204443, V-204447, V-204448, V-204455, V-204497, V-204502, V-204594, V-204620, and V-204621

RHEL 8 STIG Version 2 Release 2

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  • RHEL 8/CentOS 8/AL 2023

    V-230223, V-230265, V-230529, V-230531, V-230264, V-230487, V-230492, V-230533, V-230558, and V-244540

RHEL 9 STIG Version 2 Release 3

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  • RHEL 9/CentOS Stream 9

    V-257820, V-257821, V-257826, V-257835, V-257955, V-257956, V-258059, V-258230, V-258238, V-257784, V-257785, V-257984, V-257986, V-258078, V-258094, and V-258235

Ubuntu 18.04 STIG Version 2 Release 15

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-219157, V-219158, V-219177, V-219212, V-219308, V-219314, V-219316, V-251507, and V-264388

Ubuntu 20.04 STIG Version 2 Release 2

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-238218, V-238219, V-238201, V-251504, V-238326, V-238327, and V-238380

Ubuntu 22.04 STIG Version 2 Release 3

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-260482, V-260483, V-260523, V-260524, V-260469, V-260526, V-260529, V-260570, V-260571, V-260579, and V-260539

Ubuntu 24.04 STIG Version 1 Release 1

Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-270647, V-270648, V-270665, V-270666, V-270708, V-270717, V-270711, V-270712, V-270713, and V-270714

Linux STIG version history

This section logs Linux component version history for the quarterly STIG updates. To see the changes and published versions for a quarter, choose the title to expand the information.

Updated the following STIG versions, applied STIGS for the 2025 first quarter release, and added support for Ubuntu 24.04:

STIG-Build-Linux-Low version 2025.1.x

  • RHEL 7 STIG Version 3 Release 15

  • RHEL 8 STIG Version 2 Release 2

  • RHEL 9 STIG Version 2 Release 3

  • Ubuntu 18.04 STIG Version 2 Release 15

  • Ubuntu 20.04 STIG Version 2 Release 2

  • Ubuntu 22.04 STIG Version 2 Release 3

  • Ubuntu 24.04 STIG Version 1 Release 1

STIG-Build-Linux-Medium version 2025.1.x

  • RHEL 7 STIG Version 3 Release 15

  • RHEL 8 STIG Version 2 Release 2

  • RHEL 9 STIG Version 2 Release 3

  • Ubuntu 18.04 STIG Version 2 Release 15

  • Ubuntu 20.04 STIG Version 2 Release 2

  • Ubuntu 22.04 STIG Version 2 Release 3

  • Ubuntu 24.04 STIG Version 1 Release 1

STIG-Build-Linux-High version 2025.1.x

  • RHEL 7 STIG Version 3 Release 15

  • RHEL 8 STIG Version 2 Release 2

  • RHEL 9 STIG Version 2 Release 3

  • Ubuntu 18.04 STIG Version 2 Release 15

  • Ubuntu 20.04 STIG Version 2 Release 2

  • Ubuntu 22.04 STIG Version 2 Release 3

  • Ubuntu 24.04 STIG Version 1 Release 1

Updated the following STIG versions, applied STIGS for the 2024 fourth quarter release, and added information about two new input parameters for the Linux components:

STIG-Build-Linux-Low version 2024.4.x

  • RHEL 7 STIG Version 3 Release 15

  • RHEL 8 STIG Version 2 Release 1

  • RHEL 9 STIG Version 2 Release 2

  • Ubuntu 18.04 STIG Version 2 Release 15

  • Ubuntu 20.04 STIG Version 2 Release 1

  • Ubuntu 22.04 STIG Version 2 Release 2

STIG-Build-Linux-Medium version 2024.4.x

  • RHEL 7 STIG Version 3 Release 15

  • RHEL 8 STIG Version 2 Release 1

  • RHEL 9 STIG Version 2 Release 2

  • Ubuntu 18.04 STIG Version 2 Release 15

  • Ubuntu 20.04 STIG Version 2 Release 1

  • Ubuntu 22.04 STIG Version 2 Release 2

STIG-Build-Linux-High version 2024.4.x

  • RHEL 7 STIG Version 3 Release 15

  • RHEL 8 STIG Version 2 Release 1

  • RHEL 9 STIG Version 2 Release 2

  • Ubuntu 18.04 STIG Version 2 Release 15

  • Ubuntu 20.04 STIG Version 2 Release 1

  • Ubuntu 22.04 STIG Version 2 Release 2

There were no changes for Linux component STIGS for the 2024 third quarter release.

Updated STIG versions and applied STIGS for the 2024 second quarter release. Also added support for RHEL 9, CentOS Stream 9, and Ubuntu 22.04, as follows:

STIG-Build-Linux-Low version 2024.2.x

  • RHEL 7 STIG Version 3 Release 14

  • RHEL 8 STIG Version 1 Release 14

  • RHEL 9 STIG Version 1 Release 3

  • Ubuntu 18.04 STIG Version 2 Release 14

  • Ubuntu 20.04 STIG Version 1 Release 12

  • Ubuntu 22.04 STIG Version 1 Release 1

STIG-Build-Linux-Medium version 2024.2.x

  • RHEL 7 STIG Version 3 Release 14

  • RHEL 8 STIG Version 1 Release 14

  • RHEL 9 STIG Version 1 Release 3

  • Ubuntu 18.04 STIG Version 2 Release 14

  • Ubuntu 20.04 STIG Version 1 Release 12

  • Ubuntu 22.04 STIG Version 1 Release 1

STIG-Build-Linux-High version 2024.2.x

  • RHEL 7 STIG Version 3 Release 14

  • RHEL 8 STIG Version 1 Release 14

  • RHEL 9 STIG Version 1 Release 3

  • Ubuntu 18.04 STIG Version 2 Release 14

  • Ubuntu 20.04 STIG Version 1 Release 12

  • Ubuntu 22.04 STIG Version 1 Release 1

Updated STIG versions and applied STIGS for the 2024 first quarter release as follows:

STIG-Build-Linux-Low version 2024.1.x

  • RHEL 7 STIG Version 3 Release 14

  • RHEL 8 STIG Version 1 Release 13

  • Ubuntu 18.04 STIG Version 2 Release 13

  • Ubuntu 20.04 STIG Version 1 Release 11

STIG-Build-Linux-Medium version 2024.1.x

  • RHEL 7 STIG Version 3 Release 14

  • RHEL 8 STIG Version 1 Release 13

  • Ubuntu 18.04 STIG Version 2 Release 13

  • Ubuntu 20.04 STIG Version 1 Release 11

STIG-Build-Linux-High version 2024.1.x

  • RHEL 7 STIG Version 3 Release 14

  • RHEL 8 STIG Version 1 Release 13

  • Ubuntu 18.04 STIG Version 2 Release 13

  • Ubuntu 20.04 STIG Version 1 Release 11

Updated STIG versions and applied STIGS for the 2023 fourth quarter release as follows:

STIG-Build-Linux-Low version 2023.4.x

  • RHEL 7 STIG Version 3 Release 13

  • RHEL 8 STIG Version 1 Release 12

  • Ubuntu 18.04 STIG Version 2 Release 12

  • Ubuntu 20.04 STIG Version 1 Release 10

STIG-Build-Linux-Medium version 2023.4.x

  • RHEL 7 STIG Version 3 Release 13

  • RHEL 8 STIG Version 1 Release 12

  • Ubuntu 18.04 STIG Version 2 Release 12

  • Ubuntu 20.04 STIG Version 1 Release 10

STIG-Build-Linux-High version 2023.4.x

  • RHEL 7 STIG Version 3 Release 13

  • RHEL 8 STIG Version 1 Release 12

  • Ubuntu 18.04 STIG Version 2 Release 12

  • Ubuntu 20.04 STIG Version 1 Release 10

Updated STIG versions and applied STIGS for the 2023 third quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 12

  • RHEL 8 STIG Version 1 Release 11

  • Ubuntu 18.04 STIG Version 2 Release 11

  • Ubuntu 20.04 STIG Version 1 Release 9

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 12

  • RHEL 8 STIG Version 1 Release 11

  • Ubuntu 18.04 STIG Version 2 Release 11

  • Ubuntu 20.04 STIG Version 1 Release 9

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 12

  • RHEL 8 STIG Version 1 Release 11

  • Ubuntu 18.04 STIG Version 2 Release 11

  • Ubuntu 20.04 STIG Version 1 Release 9

Updated STIG versions and applied STIGS for the 2023 second quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 11

  • RHEL 8 STIG Version 1 Release 10

  • Ubuntu 18.04 STIG Version 2 Release 11

  • Ubuntu 20.04 STIG Version 1 Release 8

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 11

  • RHEL 8 STIG Version 1 Release 10

  • Ubuntu 18.04 STIG Version 2 Release 11

  • Ubuntu 20.04 STIG Version 1 Release 8

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 11

  • RHEL 8 STIG Version 1 Release 10

  • Ubuntu 18.04 STIG Version 2 Release 11

  • Ubuntu 20.04 STIG Version 1 Release 8

Updated STIG versions and applied STIGS for the 2023 first quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 10

  • RHEL 8 STIG Version 1 Release 9

  • Ubuntu 18.04 STIG Version 2 Release 10

  • Ubuntu 20.04 STIG Version 1 Release 7

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 10

  • RHEL 8 STIG Version 1 Release 9

  • Ubuntu 18.04 STIG Version 2 Release 10

  • Ubuntu 20.04 STIG Version 1 Release 7

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 10

  • RHEL 8 STIG Version 1 Release 9

  • Ubuntu 18.04 STIG Version 2 Release 10

  • Ubuntu 20.04 STIG Version 1 Release 7

Updated STIG versions and applied STIGS for the 2022 fourth quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 9

  • RHEL 8 STIG Version 1 Release 8

  • Ubuntu 18.04 STIG Version 2 Release 9

  • Ubuntu 20.04 STIG Version 1 Release 6

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 9

  • RHEL 8 STIG Version 1 Release 8

  • Ubuntu 18.04 STIG Version 2 Release 9

  • Ubuntu 20.04 STIG Version 1 Release 6

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 9

  • RHEL 8 STIG Version 1 Release 8

  • Ubuntu 18.04 STIG Version 2 Release 9

  • Ubuntu 20.04 STIG Version 1 Release 6

There were no changes for Linux component STIGS for the 2022 third quarter release.

Introduced Ubuntu support, updated STIG versions and applied STIGS for the 2022 second quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 7

  • RHEL 8 STIG Version 1 Release 6

  • Ubuntu 18.04 STIG Version 2 Release 6 (new)

  • Ubuntu 20.04 STIG Version 1 Release 4 (new)

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 7

  • RHEL 8 STIG Version 1 Release 6

  • Ubuntu 18.04 STIG Version 2 Release 6 (new)

  • Ubuntu 20.04 STIG Version 1 Release 4 (new)

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 7

  • RHEL 8 STIG Version 1 Release 6

  • Ubuntu 18.04 STIG Version 2 Release 6 (new)

  • Ubuntu 20.04 STIG Version 1 Release 4 (new)

Refactored to include better support for containers. Combined the previous AL2 script with RHEL 7. Updated STIG versions and applied STIGS for the 2022 first quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 6

  • RHEL 8 STIG Version 1 Release 5

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 6

  • RHEL 8 STIG Version 1 Release 5

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 6

  • RHEL 8 STIG Version 1 Release 5

Updated STIG versions, and applied STIGS for the 2021 fourth quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 5

  • RHEL 8 STIG Version 1 Release 4

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 5

  • RHEL 8 STIG Version 1 Release 4

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 5

  • RHEL 8 STIG Version 1 Release 4

Updated STIG versions, and applied STIGS for the 2021 third quarter release as follows:

Linux STIG Low (Category III)

  • RHEL 7 STIG Version 3 Release 4

  • RHEL 8 STIG Version 1 Release 3

Linux STIG Medium (Category II)

  • RHEL 7 STIG Version 3 Release 4

  • RHEL 8 STIG Version 1 Release 3

Linux STIG High (Category I)

  • RHEL 7 STIG Version 3 Release 4

  • RHEL 8 STIG Version 1 Release 3