STIG-Ready Base AMIs
for AWS Marketplace

Minimal Ubuntu 24.04 LTS images with a CIS Level 2 / NIST 800-53 / DISA STIG-aligned partition layout, SSH hardening, and the latest security patches — built fresh every month.

Start from a hardened baseline. Apply your STIG profiles, Ansible playbooks, or custom tooling on top without fighting pre-baked config.

Browse on AWS Marketplace View on GitHub

What You Get

Every StigReady AMI ships ready for compliance scanning from day one.

Proper Partition Layout

Separate mounts for /home, /tmp, /var, /var/log, /var/log/audit, /var/tmp with hardened mount options.

SSH Hardened

Password auth disabled, root login prohibited, empty passwords blocked. SSH host keys regenerate on first boot. No pre-installed authorized keys.

Monthly Patches

Built from the official Ubuntu 24.04 ISO with all available security patches applied. New AMI versions published every month.

AWS-Native

IMDSv2 enforced on first boot. SSM Agent pre-installed. cloud-init handles EC2 key pair injection. EBS-backed, HVM, x86_64.

Compliance Alignment

Built to satisfy the controls that auditors actually check.

DISA STIG
Ubuntu 24.04 V1R5

UBTU-24-900920 — separate /var/log/audit
UBTU-24-100010/20 — chrony, no timesyncd
SSH hardening controls
No blank/null passwords

CIS Benchmark
Ubuntu 24.04 Level 2

Separate /tmp, /var, /var/log partitions
nodev, nosuid, noexec mount options
/dev/shm as tmpfs with restrictions
Minimal package footprint

NIST 800-53
Rev 5

SC-5 — Denial of service protection
CM-6 — Configuration settings
IA-5 — Authenticator management
AU-9 — Audit log protection

StigReady AMIs are a hardened base layer — not a fully audited system. Apply your STIG profiles, auditd rules, and application hardening on top.

Partition Layout

GPT disk · LVM volume group vg_root · 64 GB total

Mount	Size	Filesystem	Options
/boot/efi	550 MB	vfat	—
/boot	1 GB	ext4	—
/	20 GB	xfs	—
/home	10 GB	xfs	nodev,nosuid
/tmp	5 GB	xfs	nodev,nosuid,noexec
/var	5 GB	xfs	nodev,nosuid
/var/tmp	5 GB	xfs	nodev,nosuid,noexec
/var/log	5 GB	xfs	nodev,nosuid,noexec
/var/log/audit	5 GB	xfs	nodev,nosuid,noexec
swap	2 GB	swap	—

How It Works

Subscribe to StigReady on AWS Marketplace. Launch directly from the console — no additional setup required.

Launch

EC2 injects your key pair on first boot via cloud-init. Connect as ec2-user over SSH with key-based auth.

Harden

Apply your STIG profiles, auditd rules, and application config on top of a clean, compliant base.

Pricing

Pay only the software fee on top of your normal EC2 costs.

$0.04/hr

Software fee · EC2 instance costs billed separately by AWS

Annual contracts and Private Offers available. Contact us for volume pricing.

STIG-Ready Base AMIs
for AWS Marketplace

What You Get

Proper Partition Layout

SSH Hardened

Monthly Patches

AWS-Native

Compliance Alignment

DISA STIG
Ubuntu 24.04 V1R5

CIS Benchmark
Ubuntu 24.04 Level 2

NIST 800-53
Rev 5

Partition Layout

How It Works

Subscribe

Launch

Harden

Available AMIs

StigReady Minimal Ubuntu 24.04 LTS

Pricing

STIG-Ready Base AMIs for AWS Marketplace

What You Get

Proper Partition Layout

SSH Hardened

Monthly Patches

AWS-Native

Compliance Alignment

DISA STIGUbuntu 24.04 V1R5

CIS BenchmarkUbuntu 24.04 Level 2

NIST 800-53Rev 5

Partition Layout

How It Works

Subscribe

Launch

Harden

Available AMIs

StigReady Minimal Ubuntu 24.04 LTS

Pricing

STIG-Ready Base AMIs
for AWS Marketplace

DISA STIG
Ubuntu 24.04 V1R5

CIS Benchmark
Ubuntu 24.04 Level 2

NIST 800-53
Rev 5