STIG Hardened AWS Windows Server AMIs - AWS Windows AMIs
Core and base operating systemsMicrosoft .NET Framework 4.0 STIG Version 2 Release 2WindowsFirewall STIG Version 2 Release 1Internet Explorer (IE) 11 STIG Version 2 Release 3Microsoft Edge STIG Version 1 Release 6Microsoft Defender STIG Version 2 Release 4Version history

STIG Hardened AWS Windows Server AMIs

Security Technical Implementation Guides (STIGs) are the configuration standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. DISA documents three levels of compliance risk, known as categories:

  • Category I — The highest level of risk. It covers the most severe risks, and includes any vulnerability that can result in a loss of confidentiality, availability, or integrity.

  • Category II — Medium risk.

  • Category III — Low risk.

Each compliance level includes all STIG settings from lower levels. This means that the highest level includes all applicable settings from all levels.

To ensure that your systems are compliant with STIG standards, you must install, configure, and test a variety of security settings. STIG Hardened EC2 Windows Server AMIs are pre-configured with over 160 required security settings. Amazon EC2 supports the following operating systems for STIG Hardened AMIs:

  • Windows Server 2022

  • Windows Server 2019

  • Windows Server 2016

  • Windows Server 2012 R2

The STIG Hardened AMIs include updated Department of Defense (DoD) certificates to help you get started and achieve STIG compliance. STIG Hardened AMIs are available in all commercial AWS and GovCloud (US) Regions. You can launch instances from these AMIs directly from the Amazon EC2 console. They are billed using standard Windowspricing. There are no additional charges for using STIG Hardened AMIs.

You can find the STIG Hardened EC2 Windows Server AMIs in the Community AMIs when you launch an instance, as follows.

Launch an EC2 instance with a STIG Hardened Windows Server AMI

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Choose Instances from the navigation pane. This opens a list of your EC2 instances in the current AWS Region.

  3. Choose Launch instances from the upper right corner above the list. This opens the Launch an instance page.

  4. To find a STIG Hardened AMI, choose Browse more AMIs on the right side of the Application and OS Images (Amazon Machine Image) section. This displays an advanced AMI search.

  5. Select the Community AMIs tab, and enter part or all of one of the following name patterns in the search bar. Our AMIs indicate that they are "provided by Amazon."

    Note

    The date suffix for the AMI (YYYY.MM.DD) is the date when the latest version was created. You can search for the version without the date suffix.

    Name patterns for STIG Hardened AMI names

    • Windows_Server-2022-English-STIG-Full-YYYY.MM.DD

    • Windows_Server-2022-English-STIG-Core-YYYY.MM.DD

    • Windows_Server-2019-English-STIG-Full-YYYY.MM.DD

    • Windows_Server-2019-English-STIG-Core-YYYY.MM.DD

    • Windows_Server-2016-English-STIG-Full-YYYY.MM.DD

    • Windows_Server-2016-English-STIG-Core-YYYY.MM.DD

    • Windows_Server-2012-R2-English-STIG-Full-YYYY.MM.DD

    • Windows_Server-2012-R2-English-STIG-Core-YYYY.MM.DD

The following sections list the STIG settings that Amazon applies to WindowsOperating Systems and components.

Core and base operating systems

STIG Hardened EC2 AMIs are designed for use as standalone servers, and have the highest level of STIG settings applied.

The following list contains STIG settings that apply for STIG Hardened Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

This release includes the following STIG settings for Windows operating systems:

V-254247, V-254265, V-254269, V-254270, V-254271, V-254272, V-254273, V-254274, V-254276, V-254277, V-254278, V-254285, V-254286, V-254287, V-254288, V-254289, V-254290, V-254291, V-254292, V-254293, V-254300, V-254301, V-254302, V-254303, V-254304, V-254305, V-254306, V-254307, V-254308, V-254309, V-254310, V-254311, V-254312, V-254313, V-254314, V-254315, V-254316, V-254317, V-254318, V-254319, V-254320, V-254321, V-254322, V-254323, V-254324, V-254325, V-254326, V-254327, V-254328, V-254329, V-254330, V-254331, V-254332, V-254333, V-254334, V-254335, V-254336, V-254337, V-254338, V-254339, V-254341, V-254342, V-254344, V-254345, V-254346, V-254347, V-254348, V-254349, V-254350, V-254351, V-254352, V-254353, V-254354, V-254355, V-254356, V-254357, V-254358, V-254359, V-254360, V-254361, V-254362, V-254363, V-254364, V-254365, V-254366, V-254367, V-254368, V-254369, V-254370, V-254371, V-254372, V-254373, V-254374, V-254375, V-254376, V-254377, V-254378, V-254379, V-254380, V-254381, V-254382, V-254383, V-254431, V-254432, V-254433, V-254434, V-254435, V-254436, V-254438, V-254439, V-254442, V-254443, V-254444, V-254445, V-254446, V-254449, V-254450, V-254451, V-254452, V-254453, V-254454, V-254455, V-254456, V-254459, V-254460, V-254461, V-254462, V-254463, V-254464, V-254465, V-254466, V-254467, V-254468, V-254469, V-254470, V-254471, V-254472, V-254473, V-254474, V-254475, V-254476, V-254477, V-254478, V-254479, V-254480, V-254481, V-254482, V-254483, V-254484, V-254485, V-254486, V-254487, V-254488, V-254489, V-254490, V-254493, V-254494, V-254495, V-254497, V-254499, V-254500, V-254501, V-254502, V-254503, V-254504, V-254505, V-254507, V-254508, V-254509, V-254510, V-254511, and V-254512

This release includes the following STIG settings for Windows operating systems:

V-205625, V-205626, V-205627, V-205628, V-205629, V-205630, V-205631, V-205632, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205640, V-205641, V-205642, V-205643, V-205644, V-205645, V-205646, V-205647, V-205648, V-205649, V-205650, V-205651, V-205652, V-205653, V-205654, V-205655, V-205656, V-205657, V-205658, V-205659, V-205660, V-205661, V-205662, V-205663, V-205664, V-205665, V-205666, V-205667, V-205668, V-205669, V-205670, V-205671, V-205672, V-205673, V-205674, V-205675, V-205676, V-205677, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205691, V-205692, V-205693, V-205694, V-205695, V-205696, V-205697, V-205698, V-205699, V-205700, V-205701, V-205702, V-205703, V-205704, V-205705, V-205706, V-205707, V-205708, V-205709, V-205710, V-205711, V-205712, V-205713, V-205714, V-205715, V-205716, V-205717, V-205718, V-205719, V-205720, V-205721, V-205722, V-205723, V-205724, V-205725, V-205726, V-205727, V-205728, V-205729, V-205730, V-205731, V-205732, V-205733, V-205734, V-205735, V-205736, V-205737, V-205738, V-205739, V-205740, V-205741, V-205742, V-205743, V-205744, V-205745, V-205746, V-205747, V-205748, V-205749, V-205750, V-205751, V-205752, V-205753, V-205754, V-205755, V-205756, V-205757, V-205758, V-205759, V-205760, V-205761, V-205762, V-205763, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205785, V-205786, V-205787, V-205788, V-205789, V-205790, V-205791, V-205792, V-205793, V-205794, V-205795, V-205796, V-205797, V-205798, V-205799, V-205800, V-205801, V-205802, V-205803, V-205804, V-205805, V-205806, V-205807, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205818, V-205819, V-205820, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205829, V-205830, V-205832, V-205833, V-205834, V-205835, V-205836, V-205837, V-205838, V-205839, V-205840, V-205841, V-205842, V-205843, V-205844, V-205845, V-205846, V-205847, V-205848, V-205849, V-205850, V-205851, V-205852, V-205853, V-205854, V-205855, V-205858, V-205859, V-205860, V-205861, V-205862, V-205863, V-205865, V-205866, V-205867, V-205868, V-205869, V-205870, V-205871, V-205872, V-205873, V-205874, V-205875, V-205876, V-205877, V-205882, V-205883, V-205884, V-205885, V-205886, V-205887, V-205888, V-205890, V-205892, V-205893, V-205894, V-205895, V-205896, V-205897, V-205898, V-205899, V-205900, V-205901, V-205902, V-205903, V-205904, V-205906, V-205907, V-205908, V-205909, V-205910, V-205911, V-205912, V-205913, V-205914, V-205915, V-205916, V-205917, V-205918, V-205919, V-205920, V-205921, V-205922, V-205923, V-205924, V-205925, V-214936, and V-236001

This release includes the following STIG settings for Windows operating systems:

V-224828, V-224832, V-224833, V-224834, V-224835, V-224850, V-224851, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224874, V-224877, V-224878, V-224879, V-224880, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224887, V-224888, V-224889, V-224890, V-224891, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224898, V-224899, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224916, V-224917, V-224918, V-224919, V-224920, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224931, V-224932, V-224933, V-224934, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224942, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224954, V-224955, V-224956, V-224957, V-224958, V-224959, V-224960, V-224961, V-224962, V-224963, V-225010, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225020, V-225021, V-225022, V-225023, V-225024, V-225025, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225044, V-225045, V-225046, V-225047, V-225048, V-225049, V-225050, V-225051, V-225052, V-225053, V-225054, V-225055, V-225056, V-225057, V-225058, V-225060, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225069, V-225070, V-225071, V-225072, V-225073, V-225074, V-225076, V-225077, V-225078, V-225079, V-225080, V-225081, V-225082, V-225083, V-225084, V-225085, V-225086, V-225087, V-225088, V-225089, V-225091, V-225092, V-225093, and V-236000

This release includes the following STIG settings for Windows operating systems:

V-225574, V-225573, V-225572, V-225571, V-225570, V-225569, V-225568, V-225567, V-225566, V-225565, V-225564, V-225563, V-225562, V-225561, V-225560, V-225559, V-225558, V-225557, V-225556, V-225555, V-225554, V-225553, V-225552, V-225551, V-225550, V-225549, V-225548, V-225547, V-225546, V-225545, V-225544, V-225543, V-225542, V-225541, V-225540, V-225539, V-225538, V-225537, V-225536, V-225535, V-225534, V-225533, V-225532, V-225531, V-225530, V-225529, V-225528, V-225527, V-225526, V-225525, V-225524, V-225523, V-225522, V-225521, V-225520, V-225519, V-225518, V-225517, V-225516, V-225515, V-225514, V-225513, V-225512, V-225511, V-225510, V-225509, V-225508, V-225507, V-225506, V-225505, V-225504, V-225503, V-225502, V-225501, V-225500, V-225499, V-225498, V-225497, V-225496, V-225495, V-225494, V-225493, V-225492, V-225491, V-225490, V-225489, V-225488, V-225487, V-225486, V-225485, V-225484, V-225483, V-225482, V-225481, V-225480, V-225479, V-225478, V-225477, V-225476, V-225475, V-225474, V-225473, V-225472, V-225471, V-225470, V-225469, V-225468, V-225467, V-225466, V-225465, V-225464, V-225463, V-225462, V-225461, V-225460, V-225459, V-225458, V-225457, V-225456, V-225455, V-225454, V-225453, V-225452, V-225451, V-225450, V-225449, V-225448, V-225447, V-225446, V-225445, V-225444, V-225443, V-225442, V-225441, V-225440, V-225439, V-225438, V-225437, V-225436, V-225435, V-225434, V-225433, V-225432, V-225431, V-225430, V-225429, V-225428, V-225427, V-225426, V-225425, V-225424, V-225423, V-225422, V-225421, V-225420, V-225419, V-225418, V-225417, V-225416, V-225415, V-225414, V-225413, V-225412, V-225411, V-225410, V-225409, V-225408, V-225407, V-225406, V-225405, V-225404, V-225402, V-225401, V-225400, V-225399, V-225398, V-225397, V-225396, V-225395, V-225394, V-225393, V-225392, V-225391, V-225390, V-225389, V-225388, V-225387, V-225386, V-225385, V-225384, V-225383, V-225382, V-225381, V-225380, V-225379, V-225378, V-225377, V-225376, V-225375, V-225374, V-225373, V-225372, V-225371, V-225370, V-225369, V-225368, V-225367, V-225366, V-225365, V-225364, V-225363, V-225362, V-225361, V-225360, V-225359, V-225358, V-225357, V-225356, V-225355, V-225354, V-225353, V-225352, V-225351, V-225350, V-225349, V-225348, V-225347, V-225346, V-225345, V-225344, V-225343, V-225342, V-225341, V-225340, V-225339, V-225338, V-225337, V-225336, V-225335, V-225334, V-225333, V-225332, V-225331, V-225330, V-225329, V-225328, V-225327, V-225326, V-225325, V-225324, V-225319, V-225318, V-225317, V-225316, V-225315, V-225314, V-225313, V-225312, V-225311, V-225310, V-225309, V-225308, V-225307, V-225306, V-225305, V-225304, V-225303, V-225302, V-225301, V-225300, V-225299, V-225298, V-225297, V-225296, V-225295, V-225294, V-225293, V-225292, V-225291, V-225290, V-225289, V-225288, V-225287, V-225286, V-225285, V-225284, V-225283, V-225282, V-225281, V-225280, V-225279, V-225278, V-225277, V-225276, V-225275, V-225274, V-225273, V-225272, V-225271, V-225270, V-225269, V-225268, V-225267, V-225266, V-225265, V-225264, V-225263, V-225262, V-225261, V-225260, V-225259, V-225258, V-225257, V-225256, V-225255, V-225254, V-225253, V-225252, V-225251, V-225250, V-225249, V-225248, V-225247, V-225246, V-225245, V-225244, V-225243, V-225242, V-225241, V-225240, and V-225239

Microsoft .NET Framework 4.0 STIG Version 2 Release 2

The following list contains STIG settings that apply to Windows operating system components for STIG Hardened EC2 AMIs. The following list contains STIG settings that apply for STIG Hardened Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

.NET Framework on Windows Server 2019, 2016, and 2012 R2 MS

V-225238

WindowsFirewall STIG Version 2 Release 1

The following list contains STIG settings that apply to Windows operating system components for STIG Hardened EC2 AMIs. The following list contains STIG settings that apply for STIG Hardened Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

WindowsFirewall on Windows Server 2019, 2016, and 2012 R2 MS

V-241989, V-241990, V-241991, V-241992, V-241993, V-241994, V-241995, V-241996, V-241997, V-241998, V-241999, V-242000, V-242001, V-242002, V-242003, V-242004, V-242005, V-242006, V-242007, and V-242008

Internet Explorer (IE) 11 STIG Version 2 Release 3

The following list contains STIG settings that apply to Windows operating system components for STIG Hardened EC2 AMIs. The following list contains STIG settings that apply for STIG Hardened Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

IE 11 on Windows Server 2019, 2016, and 2012 R2 MS

V-46473, V-46475, V-46477, V-46481, V-46483, V-46501, V-46507, V-46509, V-46511, V-46513, V-46515, V-46517, V-46521, V-46523, V-46525, V-46543, V-46545, V-46547, V-46549, V-46553, V-46555, V-46573, V-46575, V-46577, V-46579, V-46581, V-46583, V-46587, V-46589, V-46591, V-46593, V-46597, V-46599, V-46601, V-46603, V-46605, V-46607, V-46609, V-46615, V-46617, V-46619, V-46621, V-46625, V-46629, V-46633, V-46635, V-46637, V-46639, V-46641, V-46643, V-46645, V-46647, V-46649, V-46653, V-46663, V-46665, V-46669, V-46681, V-46685, V-46689, V-46691, V-46693, V-46695, V-46701, V-46705, V-46709, V-46711, V-46713, V-46715, V-46717, V-46719, V-46721, V-46723, V-46725, V-46727, V-46729, V-46731, V-46733, V-46779, V-46781, V-46787, V-46789, V-46791, V-46797, V-46799, V-46801, V-46807, V-46811, V-46815, V-46819, V-46829, V-46841, V-46847, V-46849, V-46853, V-46857, V-46859, V-46861, V-46865, V-46869, V-46879, V-46883, V-46885, V-46889, V-46893, V-46895, V-46897, V-46903, V-46907, V-46921, V-46927, V-46939, V-46975, V-46981, V-46987, V-46995, V-46997, V-46999, V-47003, V-47005, V-47009, V-64711, V-64713, V-64715, V-64717, V-64719, V-64721, V-64723, V-64725, V-64729, V-72757, V-72759, V-72761, V-72763, V-75169, V-75171, and V-97527

Microsoft Edge STIG Version 1 Release 6

The following list contains STIG settings that apply to Windows operating system components for STIG Hardened EC2 AMIs. The following list contains STIG settings that apply for STIG Hardened Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

Microsoft Edge on Windows Server 2022

V-235720, V-235721, V-235723, V-235724, V-235725, V-235726, V-235727, V-235728, V-235729, V-235730, V-235731, V-235732, V-235733, V-235734, V-235735, V-235736, V-235737, V-235738, V-235739, V-235740, V-235741, V-235742, V-235743, V-235744, V-235745, V-235746, V-235747, V-235748, V-235749, V-235750, V-235751, V-235752, V-235754, V-235756, V-235758, V-235759, V-235760, V-235761, V-235763, V-235764, V-235765, V-235766, V-235767, V-235768, V-235769, V-235770, V-235771, V-235772, V-235773, V-235774, and V-246736

Microsoft Defender STIG Version 2 Release 4

The following list contains STIG settings that apply to Windows operating system components for STIG Hardened EC2 AMIs. The following list contains STIG settings that apply for STIG Hardened Windows AMIs. Not all settings apply in all cases. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the STIGs Document Library. For information about how to view the complete list, see STIG Viewing Tools.

Microsoft Defender on Windows Server 2022

V-213426, V-213427, V-213429, V-213430, V-213431, V-213432, V-213433, V-213434, V-213435, V-213436, V-213437, V-213438, V-213439, V-213440, V-213441, V-213442, V-213443, V-213444, V-213445, V-213446, V-213447, V-213448, V-213449, V-213450, V-213451, V-213452, V-213453, V-213455, V-213464, V-213465, and V-213466

Version history

The following table provides version history updates for STIG settings that are applied to Windowsoperating systems and Windowscomponents.

Date AMIs Details
04/24/2023

Windows Server 2022 STIG Version 1 Release 1

Microsoft Edge STIG Version 1 Release 6

Microsoft Defender STIG Version 2 Release 4

 Added support for Windows Server 2022, Microsoft Edge, and Microsoft Defender.
03/01/2023

Windows Server 2019 STIG Version 2 Release 5

Windows Server 2016 STIG Version 2 Release 5

Windows Server 2012 R2 MS STIG Version 3 Release 5

Microsoft .NET Framework 4.0 STIG Version 2 Release 2

WindowsFirewall STIG Version 2 Release 1

Internet Explorer 11 STIG Version 2 Release 3

 AMIs released for 2022 Q4 with updated versions where applicable, and applied STIGs.
07/21/2022

Windows Server 2019 STIG Version 2 R4

Windows Server 2016 STIG Version 2 R4

Windows Server 2012 R2 MS STIG Version 3 R3

Microsoft .NET Framework 4.0 STIG Version 2 R1

WindowsFirewall STIG Version 2 R1

Internet Explorer 11 STIG V1 R19

 AMIs released with updated versions where applicable, and applied STIGs.
12/15/2021

Windows Server 2019 STIG Version 2 R3

Windows Server 2016 STIG Version 2 R3

Windows Server 2012 R2 STIG Version 3 R3

Microsoft .NET Framework 4.0 STIG Version 2 R1

WindowsFirewall STIG Version 2 R1

Internet Explorer 11 STIG V1 R19

 AMIs released with updated versions where applicable, and applied STIGs.
6/9/2021

Windows Server 2019 STIG Version 2 R2

Windows Server 2016 STIG Version 2 R2

Windows Server 2012 R2 STIG Version 3 R2

Microsoft .NET Framework 4.0 STIG Version 2 R1

WindowsFirewall STIG V1 R7

Internet Explorer 11 STIG V1 R19

 Updated versions where applicable, and applied STIGs.
4/5/2021

Windows Server 2019 STIG Version 2 R 1

Windows Server 2016 STIG Version 2 R 1

Windows Server 2012 R2 STIG Version 3 R 1

Microsoft .NET Framework 4.0 STIG Version 2 R 1

WindowsFirewall STIG V1 R 7

Internet Explorer 11 STIG V1 R 19

 Updated versions where applicable, and applied STIGs.
9/18/2020

Windows Server 2019 STIG V1 R 5

Windows Server 2016 STIG V1 R 12

Windows Server 2012 R2 STIG Version 2 R 19

Internet Explorer 11 STIG V1 R 19

Microsoft .NET Framework 4.0 STIG V1 R 9

WindowsFirewall STIG V1 R 7

 Updated versions and applied STIGs.
12/6/2019

Server 2012 R2 Core and Base V2 R17

Server 2016 Core and Base V1 R11

Internet Explorer 11 V1 R18

Microsoft .NET Framework 4.0 V1 R9

WindowsFirewall STIG V1 R17

 Updated versions and applied STIGs.
9/17/2019

Server 2012 R2 Core and Base V2 R16

Server 2016 Core and Base V1 R9

Server 2019 Core and Base V1 R2

Internet Explorer 11 V1 R17

Microsoft .NET Framework 4.0 V1 R8

 Initial release.