Skip to main content
  1. Blog
  2. Article

Carlos Bravo
on 28 August 2025

Ubuntu Pro Minimal 22.04 LTS with CIS hardening is now generally available on AWS

AWS CIS CIS Benchmarks DISA STIG Hardening Linux Security Ubuntu Ubuntu Server

August 28, 2025 – We are excited to announce the general availability of Ubuntu Pro Minimal 22.04 LTS with CIS hardening, a new variant of Ubuntu designed for organizations that require tight security controls, minimal attack surface, and out-of-the-box compliance.

This new offering combines the efficiency of Minimal Ubuntu with the enterprise-grade security coverage of Ubuntu Pro and, now, pre-applied Center for Internet Security (CIS) benchmark hardening, helping enterprises deploy infrastructure that’s compliant from Day Zero.

What is Ubuntu Pro Minimal with CIS hardening?

Starting from Minimal Ubuntu, a streamlined Ubuntu Server variant built with a minimal set of packages, this image includes only the essential components, reducing its attack surface and resource footprint. 

Ubuntu Pro adds an enterprise-grade security layer, delivering patches for high and critical CVEs across all open source packages in Ubuntu, covering thousands of packages.

On top of this minimal, fully secured foundation, we’ve applied a CIS Level 1 benchmark hardening profile. This enforces configuration policies aligned with industry standards and best practices, covering areas such as:

  • File system and permission policies
  • Secure boot settings
  • Network and firewall configurations
  • Logging and auditing rules
  • Access control and authentication mechanisms

Benefits of Ubuntu Pro Minimal with CIS hardening

  • Hardened out-of-the-box: The majority of the CIS security controls are pre-applied, reducing manual effort and human error. You get a secure, minimal OS that’s ready for production from first boot.
  • Minimal footprint, maximum control: By starting from a minimal base, you deploy only what’s needed, keeping your systems lightweight and performant.
  • Pro-grade security coverage: Includes up to 12 years of CVE patching for the full Ubuntu archive (both main and universe) and access to FIPS-certified cryptographic modules, DISA-STIG profiles, and kernel livepatch.
  • Optimized for AWS: Shipped with the AWS-optimized kernel and agents for full compatibility across all instance types and EC2 AWS services.

How to get started

Ubuntu Pro Minimal 22.04 LTS with CIS hardening is already available on the AWS Marketplace and can also be launched using the EC2 console after subscribing to the product. 

To learn more about Ubuntu Pro on AWS and our optional support options, contact us via our webpage  or email us at aws@canonical.com

Related posts

Massimiliano Gori
31 March 2026

How to manage Ubuntu fleets using on-premises Active Directory and ADSys

Cloud and server Article

The “hybrid fleet” is today’s reality: organizations diversify operating systems while Microsoft Active Directory (AD) remains the dominant identity “source of truth.” IT administrators must ensure Linux machines, like Ubuntu desktops and servers, behave as first-class citizens in this environment. Efficient Linux management demands unifi ...

Miha Purg
15 May 2026

Finding the blind spot: How Canonical hunts logic flaws with AI

AI Article

AI is accelerating and improving how security engineers find and fix vulnerabilities. A new tool developed and used at Canonical, called Redhound, has already uncovered three critical logic vunerabilites, paving the way for a more secure software landscape. ...

Luci Stanescu
14 May 2026

Fragnesia Linux kernel local privilege escalation vulnerability mitigations

Ubuntu Article

A local privilege escalation (LPE) vulnerability affecting the Linux kernel has been publicly disclosed on May 13, 2026. The vulnerability does not have a CVE ID published, but is referred to as “Fragnesia.”  The vulnerability affects multiple Linux distributions, including all Ubuntu releases. The affected components are the Linux kernel ...