BigFix Compliance: Updated CIS Checklist for Amazon Linux 2 with bug fixes, published 2025-10-10

Product:
BigFix Compliance

Title:
Updated CIS Checklist for Amazon Linux 2 with bug fixes

Security Benchmark:
CIS Amazon Linux 2 Benchmark V3.0.0

Published Sites:
CIS Checklist for Amazon Linux 2, site version 9
(The site version is provided for air-gap customers.)

Details:

Modified logic for these checks:
● Ensure auditing for processes that start prior to audit is enabled
● Ensure audit_backlog_limit is sufficient
● Ensure the running and on disk configuration is the same
● Ensure no duplicate GIDs exist
● Ensure no duplicate group names exist
● Ensure no duplicate UIDs exist
● Ensure no duplicate user names exist

Additional details:
● Both analysis and remediation checks are included
● Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.
Improved a few checks by adding the pending restart feature to them. The pending restart feature works in the following ways:
● The action results will show “Pending Restart” instead of “Fixed” for checks that require an OS reboot.
● The check will show as relevant for those endpoints until they are rebooted.
● After the endpoint is rebooted, the action results will show “Fixed” and the check will be compliant.

Actions to take:

More information:
To learn more about the BigFix Compliance SCM checklists, please see the following resources:

  • BigFix Forum: https://forum.bigfix.com/c/release-announcements/compliance
  • BigFix Compliance SCM Checklists: https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists

We hope you find this latest release of SCM content useful and effective. Thank you!
– The BigFix Compliance team