CIS OS level benchmarks on New Amazon Inspector

Hello,

I understand that you have a requirement to perform CIS scans on EC2 resources.

The new Inspector currently does not support rulesets/packages unlike Inspector Classic. The new Inspector generates a risk score for each finding by correlating common vulnerabilities and exposures (CVE) information with network reachability results, exploitability data, and social media trends[1].

Now, with regards to your query, will the new Amazon Inspector offer CIS Operating System Security Configuration Benchmarks scans, the Inspector FAQ mentions the following[1]:

"No. While Amazon Inspector does not currently support CIS scans, this capability will be added in the future. However, you can continue to use the CIS scan rules package offered in Amazon Inspector Classic."

There is an active feature request with the Inspector service team to add support for CIS scans in the new Inspector. While I am unable to comment on when this feature may get released, I request you to keep an eye on our What's New[2] and Blog pages[3] for any new feature announcements.

Until then, as mentioned above you can continue using Inspector Classic for scans using CIS package.

[1] Inspector FAQ - https://aws.amazon.com/inspector/faqs/ [2] AWS News Blog - https://aws.amazon.com/blogs/aws/
[3] What's New with AWS - https://aws.amazon.com/new/