Amazon EC2 Windows Server AMIs for STIG compliance - Amazon Elastic Compute Cloud

Amazon EC2 Windows Server AMIs for STIG compliance

Security Technical Implementation Guides (STIGs) are the configuration standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. DISA documents three levels of compliance risk, known as categories:

  • Category I — The highest level of risk. It covers the most severe risks, and includes any vulnerability that can result in a loss of confidentiality, availability, or integrity.

  • Category II — Medium risk.

  • Category III — Low risk.

Each compliance level includes all STIG settings from lower levels. This means that the highest level includes all applicable settings from all levels.

To ensure that your systems are compliant with STIG standards, you must install, configure, and test a variety of security settings. EC2 Windows Server AMIs for STIG Compliance are pre-configured with over 160 required security settings. STIG-compliant operating systems include Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. The STIG-compliant AMIs include updated Department of Defense (DoD) certificates to help you get started and achieve STIG compliance. There are no additional charges for using STIG-compliant AMIs.

EC2 Windows Server AMIs for STIG compliance are available in all public AWS and GovCloud Regions. You can launch instances from these AMIs directly from the Amazon EC2 console. They are billed using standard Windows pricing.

You can find the STIG-compliant EC2 AMIs for Windows Server in the Community AMIs when you create an instance. The AMI names are as follows:

Note

The date suffix for the AMI (YYYY.MM.DD) is the date when the latest version was created. You can search for the version without the date suffix.

  • Windows_Server-2019-English-STIG-Full-YYYY.MM.DD

  • Windows_Server-2019-English-STIG-Core-YYYY.MM.DD

  • Windows_Server-2016-English-STIG-Full-YYYY.MM.DD

  • Windows_Server-2016-English-STIG-Core-YYYY.MM.DD

  • Windows_Server-2012-R2-English-STIG-Full-YYYY.MM.DD

  • Windows_Server-2012-R2-English-STIG-Core-YYYY.MM.DD

The following sections list the STIGs that are applied to Windows Operating Systems and components.

Core and base operating systems

STIG-compliant EC2 AMIs are designed for use as standalone servers, and have the highest level of STIG settings applied.

The following list contains STIG settings that apply for STIG-compliant Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings. For more details about STIGs that apply to EC2 Windows AMIs, you can download our spreadsheet.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see How to View SRGs and STIGs.

This release includes the following STIG settings for Windows operating systems:

V-205625, V-205626, V-205627, V-205628, V-205629, V-205630, V-205631, V-205632, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205640, V-205641, V-205642, V-205643, V-205644, V-205645, V-205646, V-205647, V-205648, V-205649, V-205650, V-205651, V-205652, V-205653, V-205654, V-205655, V-205656, V-205657, V-205658, V-205659, V-205660, V-205661, V-205662, V-205663, V-205664, V-205665, V-205666, V-205667, V-205668, V-205669, V-205670, V-205671, V-205672, V-205673, V-205674, V-205675, V-205676, V-205677, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205691, V-205692, V-205693, V-205694, V-205695, V-205696, V-205697, V-205698, V-205699, V-205700, V-205701, V-205702, V-205703, V-205704, V-205705, V-205706, V-205707, V-205708, V-205709, V-205710, V-205711, V-205712, V-205713, V-205714, V-205715, V-205716, V-205717, V-205718, V-205719, V-205720, V-205721, V-205722, V-205723, V-205724, V-205725, V-205726, V-205727, V-205728, V-205729, V-205730, V-205731, V-205732, V-205733, V-205734, V-205735, V-205736, V-205737, V-205738, V-205739, V-205740, V-205741, V-205742, V-205743, V-205744, V-205745, V-205746, V-205747, V-205748, V-205749, V-205750, V-205751, V-205752, V-205753, V-205754, V-205755, V-205756, V-205757, V-205758, V-205759, V-205760, V-205761, V-205762, V-205763, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205785, V-205786, V-205787, V-205788, V-205789, V-205790, V-205791, V-205792, V-205793, V-205794, V-205795, V-205796, V-205797, V-205798, V-205799, V-205800, V-205801, V-205802, V-205803, V-205804, V-205805, V-205806, V-205807, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205818, V-205819, V-205820, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205829, V-205830, V-205832, V-205833, V-205834, V-205835, V-205836, V-205837, V-205838, V-205839, V-205840, V-205841, V-205842, V-205843, V-205844, V-205845, V-205846, V-205847, V-205848, V-205849, V-205850, V-205851, V-205852, V-205853, V-205854, V-205855, V-205856, V-205857, V-205858, V-205859, V-205860, V-205861, V-205862, V-205863, V-205864, V-205865, V-205866, V-205867, V-205868, V-205869, V-205870, V-205871, V-205872, V-205873, V-205874, V-205875, V-205876, V-205877, V-205882, V-205883, V-205884, V-205885, V-205886, V-205887, V-205888, V-205890, V-205892, V-205893, V-205894, V-205895, V-205896, V-205897, V-205898, V-205899, V-205900, V-205901, V-205902, V-205903, V-205904, V-205906, V-205907, V-205908, V-205909, V-205910, V-205911, V-205912, V-205913, V-205914, V-205915, V-205916, V-205917, V-205918, V-205919, V-205920, V-205921, V-205922, V-205923, V-205924, V-205925, V-214936, and V-236001

This release includes the following STIG settings for Windows operating systems:

V-224828, V-224832, V-224833, V-224834, V-224835, V-224850, V-224851, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224874, V-224877, V-224878, V-224879, V-224880, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224887, V-224888, V-224889, V-224890, V-224891, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224898, V-224899, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224916, V-224917, V-224918, V-224919, V-224920, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224931, V-224932, V-224933, V-224934, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224942, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224954, V-224955, V-224956, V-224957, V-224958, V-224959, V-224960, V-224961, V-224962, V-224963, V-225010, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225020, V-225021, V-225022, V-225023, V-225024, V-225025, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225044, V-225045, V-225046, V-225047, V-225048, V-225049, V-225050, V-225051, V-225052, V-225053, V-225054, V-225055, V-225056, V-225057, V-225058, V-225060, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225069, V-225070, V-225071, V-225072, V-225073, V-225074, V-225076, V-225077, V-225078, V-225079, V-225080, V-225081, V-225082, V-225083, V-225084, V-225085, V-225086, V-225087, V-225088, V-225089, V-225091, V-225092, V-225093, and V-236000

This release includes the following STIG settings for Windows operating systems:

V-225574, V-225573, V-225572, V-225571, V-225570, V-225569, V-225568, V-225567, V-225566, V-225565, V-225564, V-225563, V-225562, V-225561, V-225560, V-225559, V-225558, V-225557, V-225556, V-225555, V-225554, V-225553, V-225552, V-225551, V-225550, V-225549, V-225548, V-225547, V-225546, V-225545, V-225544, V-225543, V-225542, V-225541, V-225540, V-225539, V-225538, V-225537, V-225536, V-225535, V-225534, V-225533, V-225532, V-225531, V-225530, V-225529, V-225528, V-225527, V-225526, V-225525, V-225524, V-225523, V-225522, V-225521, V-225520, V-225519, V-225518, V-225517, V-225516, V-225515, V-225514, V-225513, V-225512, V-225511, V-225510, V-225509, V-225508, V-225507, V-225506, V-225505, V-225504, V-225503, V-225502, V-225501, V-225500, V-225499, V-225498, V-225497, V-225496, V-225495, V-225494, V-225493, V-225492, V-225491, V-225490, V-225489, V-225488, V-225487, V-225486, V-225485, V-225484, V-225483, V-225482, V-225481, V-225480, V-225479, V-225478, V-225477, V-225476, V-225475, V-225474, V-225473, V-225472, V-225471, V-225470, V-225469, V-225468, V-225467, V-225466, V-225465, V-225464, V-225463, V-225462, V-225461, V-225460, V-225459, V-225458, V-225457, V-225456, V-225455, V-225454, V-225453, V-225452, V-225451, V-225450, V-225449, V-225448, V-225447, V-225446, V-225445, V-225444, V-225443, V-225442, V-225441, V-225440, V-225439, V-225438, V-225437, V-225436, V-225435, V-225434, V-225433, V-225432, V-225431, V-225430, V-225429, V-225428, V-225427, V-225426, V-225425, V-225424, V-225423, V-225422, V-225421, V-225420, V-225419, V-225418, V-225417, V-225416, V-225415, V-225414, V-225413, V-225412, V-225411, V-225410, V-225409, V-225408, V-225407, V-225406, V-225405, V-225404, V-225402, V-225401, V-225400, V-225399, V-225398, V-225397, V-225396, V-225395, V-225394, V-225393, V-225392, V-225391, V-225390, V-225389, V-225388, V-225387, V-225386, V-225385, V-225384, V-225383, V-225382, V-225381, V-225380, V-225379, V-225378, V-225377, V-225376, V-225375, V-225374, V-225373, V-225372, V-225371, V-225370, V-225369, V-225368, V-225367, V-225366, V-225365, V-225364, V-225363, V-225362, V-225361, V-225360, V-225359, V-225358, V-225357, V-225356, V-225355, V-225354, V-225353, V-225352, V-225351, V-225350, V-225349, V-225348, V-225347, V-225346, V-225345, V-225344, V-225343, V-225342, V-225341, V-225340, V-225339, V-225338, V-225337, V-225336, V-225335, V-225334, V-225333, V-225332, V-225331, V-225330, V-225329, V-225328, V-225327, V-225326, V-225325, V-225324, V-225319, V-225318, V-225317, V-225316, V-225315, V-225314, V-225313, V-225312, V-225311, V-225310, V-225309, V-225308, V-225307, V-225306, V-225305, V-225304, V-225303, V-225302, V-225301, V-225300, V-225299, V-225298, V-225297, V-225296, V-225295, V-225294, V-225293, V-225292, V-225291, V-225290, V-225289, V-225288, V-225287, V-225286, V-225285, V-225284, V-225283, V-225282, V-225281, V-225280, V-225279, V-225278, V-225277, V-225276, V-225275, V-225274, V-225273, V-225272, V-225271, V-225270, V-225269, V-225268, V-225267, V-225266, V-225265, V-225264, V-225263, V-225262, V-225261, V-225260, V-225259, V-225258, V-225257, V-225256, V-225255, V-225254, V-225253, V-225252, V-225251, V-225250, V-225249, V-225248, V-225247, V-225246, V-225245, V-225244, V-225243, V-225242, V-225241, V-225240, and V-225239

Microsoft .NET Framework 4.0 STIG V2 Release 1

The following list contains STIG settings that apply to Windows operating system components for STIG-compliant EC2 AMIs. The following list contains STIG settings that apply for STIG-compliant Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings. For more details about STIGs that apply to EC2 Windows AMIs, you can download our spreadsheet.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see How to View SRGs and STIGs.

.NET Framework on Windows Server 2019, 2016, and 2012 R2 MS

V-225238

Windows Firewall STIG V2 Release 1

The following list contains STIG settings that apply to Windows operating system components for STIG-compliant EC2 AMIs. The following list contains STIG settings that apply for STIG-compliant Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings. For more details about STIGs that apply to EC2 Windows AMIs, you can download our spreadsheet.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see How to View SRGs and STIGs.

Windows Firewall on Windows Server 2019, 2016, and 2012 R2 MS

V-241989, V-241990, V-241991, V-241992, V-241993, V-241994, V-241995, V-241996, V-241997, V-241998, V-241999, V-242000, V-242001, V-242002, V-242003, V-242004, V-242005, V-242006, V-242007, and V-242008

Internet Explorer (IE) 11 STIG V1 Release 19

The following list contains STIG settings that apply to Windows operating system components for STIG-compliant EC2 AMIs. The following list contains STIG settings that apply for STIG-compliant Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings. For more details about STIGs that apply to EC2 Windows AMIs, you can download our spreadsheet.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see How to View SRGs and STIGs.

IE 11 on Windows Server 2019, 2016, and 2012 R2 MS

V-46473, V-46475, V-46477, V-46481, V-46483, V-46501, V-46507, V-46509, V-46511, V-46513, V-46515, V-46517, V-46521, V-46523, V-46525, V-46543, V-46545, V-46547, V-46549, V-46553, V-46555, V-46573, V-46575, V-46577, V-46579, V-46581, V-46583, V-46587, V-46589, V-46591, V-46593, V-46597, V-46599, V-46601, V-46603, V-46605, V-46607, V-46609, V-46615, V-46617, V-46619, V-46621, V-46625, V-46629, V-46633, V-46635, V-46637, V-46639, V-46641, V-46643, V-46645, V-46647, V-46649, V-46653, V-46663, V-46665, V-46669, V-46681, V-46685, V-46689, V-46691, V-46693, V-46695, V-46701, V-46705, V-46709, V-46711, V-46713, V-46715, V-46717, V-46719, V-46721, V-46723, V-46725, V-46727, V-46729, V-46731, V-46733, V-46779, V-46781, V-46787, V-46789, V-46791, V-46797, V-46799, V-46801, V-46807, V-46811, V-46815, V-46819, V-46829, V-46841, V-46847, V-46849, V-46853, V-46857, V-46859, V-46861, V-46865, V-46869, V-46879, V-46883, V-46885, V-46889, V-46893, V-46895, V-46897, V-46903, V-46907, V-46921, V-46927, V-46939, V-46975, V-46981, V-46987, V-46995, V-46997, V-46999, V-47003, V-47005, V-47009, V-64711, V-64713, V-64715, V-64717, V-64719, V-64721, V-64723, V-64725, V-64729, V-72757, V-72759, V-72761, V-72763, V-75169, V-75171, and V-97527

Version history

The following table provides version history updates for STIG settings that are applied to Windows operating systems and Windows components.

Date AMIs Details
07/21/2022

Windows Server 2019 STIG V2 R4

Windows Server 2016 STIG V2 R4

Windows Server 2012 R2 MS STIG V3 R3

Microsoft .NET Framework 4.0 STIG V2 R1

Windows Firewall STIG V2 R1

Internet Explorer 11 STIG V1 R19

AMIs released with updated versions where applicable, and applied STIGs.
12/15/2021

Windows Server 2019 STIG V2 R3

Windows Server 2016 STIG V2 R3

Windows Server 2012 R2 STIG V3 R3

Microsoft .NET Framework 4.0 STIG V2 R1

Windows Firewall STIG V2 R1

Internet Explorer 11 STIG V1 R19

AMIs released with updated versions where applicable, and applied STIGs.
6/9/2021

Windows Server 2019 STIG V2 R2

Windows Server 2016 STIG V2 R2

Windows Server 2012 R2 STIG V3 R2

Microsoft .NET Framework 4.0 STIG V2 R1

Windows Firewall STIG V1 R7

Internet Explorer 11 STIG V1 R19

Updated versions where applicable, and applied STIGs.
4/5/2021

Windows Server 2019 STIG V2 R 1

Windows Server 2016 STIG V2 R 1

Windows Server 2012 R2 STIG V3 R 1

Microsoft .NET Framework 4.0 STIG V2 R 1

Windows Firewall STIG V1 R 7

Internet Explorer 11 STIG V1 R 19

Updated versions where applicable, and applied STIGs.
9/18/2020

Windows Server 2019 STIG V1 R 5

Windows Server 2016 STIG V1 R 12

Windows Server 2012 R2 STIG V2 R 19

Internet Explorer 11 STIG V1 R 19

Microsoft .NET Framework 4.0 STIG V1 R 9

Windows Firewall STIG V1 R 7

Updated versions and applied STIGs.
12/6/2019

Server 2012 R2 Core and Base V2 R17

Server 2016 Core and Base V1 R11

Internet Explorer 11 V1 R18

Microsoft .NET Framework 4.0 V1 R9

Windows Firewall STIG V1 R17

Updated versions and applied STIGs.
9/17/2019

Server 2012 R2 Core and Base V2 R16

Server 2016 Core and Base V1 R9

Server 2019 Core and Base V1 R2

Internet Explorer 11 V1 R17

Microsoft .NET Framework 4.0 V1 R8

Initial release.