Amazon EC2 Windows Server AMIs for STIG compliance
Security Technical Implementation Guides (STIGs) are the configuration standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. DISA documents three levels of compliance risk, known as categories:
-
Category I — The highest level of risk. It covers the most severe risks, and includes any vulnerability that can result in a loss of confidentiality, availability, or integrity.
-
Category II — Medium risk.
-
Category III — Low risk.
Each compliance level includes all STIG settings from lower levels. This means that the highest level includes all applicable settings from all levels.
To ensure that your systems are compliant with STIG standards, you must install, configure, and test a variety of security settings. EC2 Windows Server AMIs for STIG Compliance are pre-configured with over 160 required security settings. STIG-compliant operating systems include Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. The STIG-compliant AMIs include updated Department of Defense (DoD) certificates to help you get started and achieve STIG compliance. There are no additional charges for using STIG-compliant AMIs.
EC2 Windows Server AMIs for STIG compliance are available in all public AWS and GovCloud Regions. You can launch instances from these AMIs directly from the Amazon EC2 console. They are billed using standard Windows pricing.
You can find the STIG-compliant EC2 AMIs for Windows Server in the Community AMIs when you create an instance. The AMI names are as follows:
The date suffix for the AMI (YYYY.MM.DD
) is the date when
the latest version was created. You can search for the version without the date
suffix.
-
Windows_Server-2019-English-STIG-Full-
YYYY.MM.DD
-
Windows_Server-2019-English-STIG-Core-
YYYY.MM.DD
-
Windows_Server-2016-English-STIG-Full-
YYYY.MM.DD
-
Windows_Server-2016-English-STIG-Core-
YYYY.MM.DD
-
Windows_Server-2012-R2-English-STIG-Full-
YYYY.MM.DD
-
Windows_Server-2012-R2-English-STIG-Core-
YYYY.MM.DD
The following sections list the STIGs that are applied to Windows Operating Systems and components.
Topics
Core and base operating systems
STIG-compliant EC2 AMIs are designed for use as standalone servers, and have the highest level of STIG settings applied.
The following list contains STIG settings that apply for STIG-compliant
Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might
not apply to standalone servers. Organization-specific policies can also affect which
settings apply, such as a requirement for administrators to review document settings.
For more details about STIGs that apply to EC2 Windows AMIs, you can download our
spreadsheet
For a complete list of Windows STIGs, see the STIGs
Document Library
This release includes the following STIG settings for Windows operating systems:
V-205625, V-205626, V-205627, V-205628, V-205629, V-205630, V-205631, V-205632, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205640, V-205641, V-205642, V-205643, V-205644, V-205645, V-205646, V-205647, V-205648, V-205649, V-205650, V-205651, V-205652, V-205653, V-205654, V-205655, V-205656, V-205657, V-205658, V-205659, V-205660, V-205661, V-205662, V-205663, V-205664, V-205665, V-205666, V-205667, V-205668, V-205669, V-205670, V-205671, V-205672, V-205673, V-205674, V-205675, V-205676, V-205677, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205691, V-205692, V-205693, V-205694, V-205695, V-205696, V-205697, V-205698, V-205699, V-205700, V-205701, V-205702, V-205703, V-205704, V-205705, V-205706, V-205707, V-205708, V-205709, V-205710, V-205711, V-205712, V-205713, V-205714, V-205715, V-205716, V-205717, V-205718, V-205719, V-205720, V-205721, V-205722, V-205723, V-205724, V-205725, V-205726, V-205727, V-205728, V-205729, V-205730, V-205731, V-205732, V-205733, V-205734, V-205735, V-205736, V-205737, V-205738, V-205739, V-205740, V-205741, V-205742, V-205743, V-205744, V-205745, V-205746, V-205747, V-205748, V-205749, V-205750, V-205751, V-205752, V-205753, V-205754, V-205755, V-205756, V-205757, V-205758, V-205759, V-205760, V-205761, V-205762, V-205763, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205785, V-205786, V-205787, V-205788, V-205789, V-205790, V-205791, V-205792, V-205793, V-205794, V-205795, V-205796, V-205797, V-205798, V-205799, V-205800, V-205801, V-205802, V-205803, V-205804, V-205805, V-205806, V-205807, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205818, V-205819, V-205820, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205829, V-205830, V-205832, V-205833, V-205834, V-205835, V-205836, V-205837, V-205838, V-205839, V-205840, V-205841, V-205842, V-205843, V-205844, V-205845, V-205846, V-205847, V-205848, V-205849, V-205850, V-205851, V-205852, V-205853, V-205854, V-205855, V-205856, V-205857, V-205858, V-205859, V-205860, V-205861, V-205862, V-205863, V-205864, V-205865, V-205866, V-205867, V-205868, V-205869, V-205870, V-205871, V-205872, V-205873, V-205874, V-205875, V-205876, V-205877, V-205882, V-205883, V-205884, V-205885, V-205886, V-205887, V-205888, V-205890, V-205892, V-205893, V-205894, V-205895, V-205896, V-205897, V-205898, V-205899, V-205900, V-205901, V-205902, V-205903, V-205904, V-205906, V-205907, V-205908, V-205909, V-205910, V-205911, V-205912, V-205913, V-205914, V-205915, V-205916, V-205917, V-205918, V-205919, V-205920, V-205921, V-205922, V-205923, V-205924, V-205925, V-214936, and V-236001
This release includes the following STIG settings for Windows operating systems:
V-224828, V-224832, V-224833, V-224834, V-224835, V-224850, V-224851, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224874, V-224877, V-224878, V-224879, V-224880, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224887, V-224888, V-224889, V-224890, V-224891, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224898, V-224899, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224916, V-224917, V-224918, V-224919, V-224920, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224931, V-224932, V-224933, V-224934, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224942, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224954, V-224955, V-224956, V-224957, V-224958, V-224959, V-224960, V-224961, V-224962, V-224963, V-225010, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225020, V-225021, V-225022, V-225023, V-225024, V-225025, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225044, V-225045, V-225046, V-225047, V-225048, V-225049, V-225050, V-225051, V-225052, V-225053, V-225054, V-225055, V-225056, V-225057, V-225058, V-225060, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225069, V-225070, V-225071, V-225072, V-225073, V-225074, V-225076, V-225077, V-225078, V-225079, V-225080, V-225081, V-225082, V-225083, V-225084, V-225085, V-225086, V-225087, V-225088, V-225089, V-225091, V-225092, V-225093, and V-236000
This release includes the following STIG settings for Windows operating systems:
V-225574, V-225573, V-225572, V-225571, V-225570, V-225569, V-225568, V-225567, V-225566, V-225565, V-225564, V-225563, V-225562, V-225561, V-225560, V-225559, V-225558, V-225557, V-225556, V-225555, V-225554, V-225553, V-225552, V-225551, V-225550, V-225549, V-225548, V-225547, V-225546, V-225545, V-225544, V-225543, V-225542, V-225541, V-225540, V-225539, V-225538, V-225537, V-225536, V-225535, V-225534, V-225533, V-225532, V-225531, V-225530, V-225529, V-225528, V-225527, V-225526, V-225525, V-225524, V-225523, V-225522, V-225521, V-225520, V-225519, V-225518, V-225517, V-225516, V-225515, V-225514, V-225513, V-225512, V-225511, V-225510, V-225509, V-225508, V-225507, V-225506, V-225505, V-225504, V-225503, V-225502, V-225501, V-225500, V-225499, V-225498, V-225497, V-225496, V-225495, V-225494, V-225493, V-225492, V-225491, V-225490, V-225489, V-225488, V-225487, V-225486, V-225485, V-225484, V-225483, V-225482, V-225481, V-225480, V-225479, V-225478, V-225477, V-225476, V-225475, V-225474, V-225473, V-225472, V-225471, V-225470, V-225469, V-225468, V-225467, V-225466, V-225465, V-225464, V-225463, V-225462, V-225461, V-225460, V-225459, V-225458, V-225457, V-225456, V-225455, V-225454, V-225453, V-225452, V-225451, V-225450, V-225449, V-225448, V-225447, V-225446, V-225445, V-225444, V-225443, V-225442, V-225441, V-225440, V-225439, V-225438, V-225437, V-225436, V-225435, V-225434, V-225433, V-225432, V-225431, V-225430, V-225429, V-225428, V-225427, V-225426, V-225425, V-225424, V-225423, V-225422, V-225421, V-225420, V-225419, V-225418, V-225417, V-225416, V-225415, V-225414, V-225413, V-225412, V-225411, V-225410, V-225409, V-225408, V-225407, V-225406, V-225405, V-225404, V-225402, V-225401, V-225400, V-225399, V-225398, V-225397, V-225396, V-225395, V-225394, V-225393, V-225392, V-225391, V-225390, V-225389, V-225388, V-225387, V-225386, V-225385, V-225384, V-225383, V-225382, V-225381, V-225380, V-225379, V-225378, V-225377, V-225376, V-225375, V-225374, V-225373, V-225372, V-225371, V-225370, V-225369, V-225368, V-225367, V-225366, V-225365, V-225364, V-225363, V-225362, V-225361, V-225360, V-225359, V-225358, V-225357, V-225356, V-225355, V-225354, V-225353, V-225352, V-225351, V-225350, V-225349, V-225348, V-225347, V-225346, V-225345, V-225344, V-225343, V-225342, V-225341, V-225340, V-225339, V-225338, V-225337, V-225336, V-225335, V-225334, V-225333, V-225332, V-225331, V-225330, V-225329, V-225328, V-225327, V-225326, V-225325, V-225324, V-225319, V-225318, V-225317, V-225316, V-225315, V-225314, V-225313, V-225312, V-225311, V-225310, V-225309, V-225308, V-225307, V-225306, V-225305, V-225304, V-225303, V-225302, V-225301, V-225300, V-225299, V-225298, V-225297, V-225296, V-225295, V-225294, V-225293, V-225292, V-225291, V-225290, V-225289, V-225288, V-225287, V-225286, V-225285, V-225284, V-225283, V-225282, V-225281, V-225280, V-225279, V-225278, V-225277, V-225276, V-225275, V-225274, V-225273, V-225272, V-225271, V-225270, V-225269, V-225268, V-225267, V-225266, V-225265, V-225264, V-225263, V-225262, V-225261, V-225260, V-225259, V-225258, V-225257, V-225256, V-225255, V-225254, V-225253, V-225252, V-225251, V-225250, V-225249, V-225248, V-225247, V-225246, V-225245, V-225244, V-225243, V-225242, V-225241, V-225240, and V-225239
Microsoft .NET Framework 4.0 STIG V2 Release 1
The following list contains STIG settings that apply to
Windows operating system components for STIG-compliant EC2 AMIs. The following list contains STIG settings that apply for STIG-compliant
Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might
not apply to standalone servers. Organization-specific policies can also affect which
settings apply, such as a requirement for administrators to review document settings.
For more details about STIGs that apply to EC2 Windows AMIs, you can download our
spreadsheet
For a complete list of Windows STIGs, see the STIGs
Document Library
.NET Framework on Windows Server 2019, 2016, and 2012 R2 MS
V-225238
Windows Firewall STIG V2 Release 1
The following list contains STIG settings that apply to
Windows operating system components for STIG-compliant EC2 AMIs. The following list contains STIG settings that apply for STIG-compliant
Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might
not apply to standalone servers. Organization-specific policies can also affect which
settings apply, such as a requirement for administrators to review document settings.
For more details about STIGs that apply to EC2 Windows AMIs, you can download our
spreadsheet
For a complete list of Windows STIGs, see the STIGs
Document Library
Windows Firewall on Windows Server 2019, 2016, and 2012 R2 MS
V-241989, V-241990, V-241991, V-241992, V-241993, V-241994, V-241995, V-241996, V-241997, V-241998, V-241999, V-242000, V-242001, V-242002, V-242003, V-242004, V-242005, V-242006, V-242007, and V-242008
Internet Explorer (IE) 11 STIG V1 Release 19
The following list contains STIG settings that apply to
Windows operating system components for STIG-compliant EC2 AMIs. The following list contains STIG settings that apply for STIG-compliant
Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might
not apply to standalone servers. Organization-specific policies can also affect which
settings apply, such as a requirement for administrators to review document settings.
For more details about STIGs that apply to EC2 Windows AMIs, you can download our
spreadsheet
For a complete list of Windows STIGs, see the STIGs
Document Library
IE 11 on Windows Server 2019, 2016, and 2012 R2 MS
V-46473, V-46475, V-46477, V-46481, V-46483, V-46501, V-46507, V-46509, V-46511, V-46513, V-46515, V-46517, V-46521, V-46523, V-46525, V-46543, V-46545, V-46547, V-46549, V-46553, V-46555, V-46573, V-46575, V-46577, V-46579, V-46581, V-46583, V-46587, V-46589, V-46591, V-46593, V-46597, V-46599, V-46601, V-46603, V-46605, V-46607, V-46609, V-46615, V-46617, V-46619, V-46621, V-46625, V-46629, V-46633, V-46635, V-46637, V-46639, V-46641, V-46643, V-46645, V-46647, V-46649, V-46653, V-46663, V-46665, V-46669, V-46681, V-46685, V-46689, V-46691, V-46693, V-46695, V-46701, V-46705, V-46709, V-46711, V-46713, V-46715, V-46717, V-46719, V-46721, V-46723, V-46725, V-46727, V-46729, V-46731, V-46733, V-46779, V-46781, V-46787, V-46789, V-46791, V-46797, V-46799, V-46801, V-46807, V-46811, V-46815, V-46819, V-46829, V-46841, V-46847, V-46849, V-46853, V-46857, V-46859, V-46861, V-46865, V-46869, V-46879, V-46883, V-46885, V-46889, V-46893, V-46895, V-46897, V-46903, V-46907, V-46921, V-46927, V-46939, V-46975, V-46981, V-46987, V-46995, V-46997, V-46999, V-47003, V-47005, V-47009, V-64711, V-64713, V-64715, V-64717, V-64719, V-64721, V-64723, V-64725, V-64729, V-72757, V-72759, V-72761, V-72763, V-75169, V-75171, and V-97527
Version history
The following table provides version history updates for STIG settings that are applied to Windows operating systems and Windows components.
Date | AMIs | Details |
---|---|---|
07/21/2022 |
Windows Server 2019 STIG V2 R4 Windows Server 2016 STIG V2 R4 Windows Server 2012 R2 MS STIG V3 R3 Microsoft .NET Framework 4.0 STIG V2 R1 Windows Firewall STIG V2 R1 Internet Explorer 11 STIG V1 R19 |
AMIs released with updated versions where applicable, and applied STIGs. |
12/15/2021 |
Windows Server 2019 STIG V2 R3 Windows Server 2016 STIG V2 R3 Windows Server 2012 R2 STIG V3 R3 Microsoft .NET Framework 4.0 STIG V2 R1 Windows Firewall STIG V2 R1 Internet Explorer 11 STIG V1 R19 |
AMIs released with updated versions where applicable, and applied STIGs. |
6/9/2021 |
Windows Server 2019 STIG V2 R2 Windows Server 2016 STIG V2 R2 Windows Server 2012 R2 STIG V3 R2 Microsoft .NET Framework 4.0 STIG V2 R1 Windows Firewall STIG V1 R7 Internet Explorer 11 STIG V1 R19 |
Updated versions where applicable, and applied STIGs. |
4/5/2021 |
Windows Server 2019 STIG V2 R 1 Windows Server 2016 STIG V2 R 1 Windows Server 2012 R2 STIG V3 R 1 Microsoft .NET Framework 4.0 STIG V2 R 1 Windows Firewall STIG V1 R 7 Internet Explorer 11 STIG V1 R 19 |
Updated versions where applicable, and applied STIGs. |
9/18/2020 |
Windows Server 2019 STIG V1 R 5 Windows Server 2016 STIG V1 R 12 Windows Server 2012 R2 STIG V2 R 19 Internet Explorer 11 STIG V1 R 19 Microsoft .NET Framework 4.0 STIG V1 R 9 Windows Firewall STIG V1 R 7 |
Updated versions and applied STIGs. |
12/6/2019 | Server 2012 R2 Core and Base V2 R17 Server 2016 Core and Base V1 R11 Internet Explorer 11 V1 R18 Microsoft .NET Framework 4.0 V1 R9 Windows Firewall STIG V1 R17 |
Updated versions and applied STIGs. |
9/17/2019 | Server 2012 R2 Core and Base V2 R16 Server 2016 Core and Base V1 R9 Server 2019 Core and Base V1 R2 Internet Explorer 11 V1 R17 Microsoft .NET Framework 4.0 V1 R8 |
Initial release. |