Nému Hardened Computing

Amazon AMI Release Notes

2019-11-15 SLES12 STIG 2019Q4 Added!

  • We now support SuSE Enterprise Linux 12, for customers that require it.  You can find it in AWS Marketplace today!

  • As this is a new product, please don't hesitate to let us know if you encounter issues with it.


2019-11-06 Notice

  • As of this date, DISA has not released updates to the Windows Server 2016 or Windows Server 2019 STIG profiles. The latest STIG available for Windows is v1r2 (Server 2019) and v1r9 (Server 2016).

  • Once updated STIG profiles become available, we will publish new Windows AMIs. 


2019-11-06 RHEL7 STIG 2019Q4, CentOS 7 STIG 2019Q4, Apache Tomcat STIG 2019Q4

  • Our STIG profiles have been updated to V2R5 (from the October 2019 STIG Package)

  • All of the issues reported in the September Notice below have been corrected.

  • RedHat & CentOS are now at release 7.7.

  • Apache Tomcat 8 has been updated to 8.5.47.

  • Apache Tomcat 9 has been updated to 9.0.27.

  • Our 2018Q4 products will be removed from Amazon in December 2019. If you use either of the following two AMIs in your environment, please migrate to a more recent product as soon as possible:

    • ami-011ac06b14d951a23: Nemu Hardened Computing RHEL7 2018Q4

    • ami-05f05d8fda2e9982a: Nemu Hardened Computing CentOS7 2018Q4


2019-09-09 Notice

  • A customer has reported that Tenable Nessus is reporting open findings on our latest RHEL7 STIG AMI.

  • For the Audit-related controls, run the following command to synchronize the running audit.rules file and close the findings (this will be corrected in the next quarterly release):

    • augenrules

  • Nessus reports a number of password-related controls as being open: As we have stated in the past, we do not remediate these controls as it may cause EC2 instances to become inaccessible. Please refer to our FAQ for instructions on how to fix this yourself, if your organization requires it. 

  • As always, if you encounter open findings with our AMIs, please contact us immediately so we can help you get them resolved. We stand by the integrity of our products at all times!


2019-08-14 Nému Hardened Windows Server 2019Q3

  • Yes, we finally do Windows!

  • Server 2016 and Server 2019 images with Desktop Experience are available in Marketplace today!

  • As these are new for us, we're standing by to assist if you hit any problems.

  • Images are deployed with FIPS Compliance enabled. This can cause problems with some applications, and Microsoft no longer recommends enabling it - but the STIG requires it.

  • Additional versions of Windows can be made available upon request, as far back as 2008R2. 


2019-08-14 RHEL7 STIG 2019Q3, CentOS 7 STIG 2019Q3, Apache Tomcat STIG 2019Q3

  • All products have been updated to the RedHat STIG v2r4.

  • A bug in our previous product releases that had caused t3 instance types to hang on startup has been fixed.

  • Some users have reported issues with user-data scripts not running. We have identified this as being an issue with cloud-init and have reported that bug to their team. In the meantime, we have implemented a workaround to fix this in the AMI for now.

  • Added products to AWS Marketplace region us-gov-east-1

  • Deprecation Warning:
    The following AMIs will be removed during the next quarterly release (December 2019). If you are using any of these AMIs in your environment, and cannot upgrade to the latest images available in the Marketplace, please contact the sales team for long-term support options.

    • ami-011ac06b14d951a23: Nemu Hardened Computing RHEL7 2018Q4

    • ami-05f05d8fda2e9982a: Nemu Hardened Computing CentOS7 2018Q4


2019-07-21 Apache Tomcat Images available

  • Our first release of Nému Hardened Tomcat (versions 8 and 9 on top of STIG RHEL7) is now available for you to buy in the AWS Marketplace! (If you need it sooner, or in your on-premise environment, the product is also available today through the Nému Shop!)


2019-07-20 Notice

  • We've gotten reports of issues with t3 instance types. We're working to get this resolved, and hope to have it corrected in the next quarterly release. If you are experiencing problems and need an earlier fix, please contact support.


2019-05-28 RHEL7 STIG 2019Q2, CentOS 7 STIG 2019Q2

  • We have updated the STIG profile to v2r3, per IASE's latest release.

  • All AMIs now include a fourth volume for Audit log storage, to comply with V-72063. Please contact [email protected] if you wish to use an AMI without filesystem separation.


2019-04-23 Notice

  • The 2019Q2 RHEL and CentOS STIG images will include a dedicated partition for audit logs (/var/log/audit), along with a number of fixes to ensure our strict compliance with all RHEL STIG v2r2 controls.

  • Windows 2016 is in the final stages of testing, and will hopefully be included in the 2019Q2 release. Please e-mail [email protected] if this is a priority for your team.


2019-03-01 RHEL 7 STIG 2019Q1, CentOS 7 STIG 2019Q1

  • STIG baseline upgraded to v2r2

  • Password controls now included in baseline configurations

  • Applied latest operating system patches.


2018-12-29 Notice

  • We've been informed there may be issues with Nessus reporting some of the password security controls as being unmet. This is due to our treatment of "password security" as a non-Cloud finding: Our Amazon EC2 instances rely on SSH private keys to secure your hosts, there are no system passwords by default. We're looking at including some of these remediations in our 2019Q1 image to ensure your systems appear more compliant. Please let us know if you need this sooner: [email protected] 


2018-12-04 CentOS 7 STIG 2018Q4

  • Applied and built the latest available STIG guidelines using base image ami-05f05d8fda2e9982a.  (Yes, it's CentOS. Yes, it's STIGged. We won't tell the General if you don't!)


 2018-11-27 RHEL 7 STIG 2018Q4

  • Applied and built the latest available STIG guidelines using base image ami-011b3ccf1bd6db744.