For every major revision of a regulatory compliance guideline (DISA STIG, etc.) Buddha Labs identifies changes from the previous version and provides a detailed change-log to our Cloud Buddha Customers.

Next, technical implementations that are deemed ‘stable’ for automation will be added to the Cloud Buddha Patch Bundle. If the technical change is deemed ‘dangerous’, i.e. change password requirements, firewall rules, customer/environment specific, or detrimental to the system, Buddha Labs will provide detailed documentation on how to configure the requirement on existing Cloud Buddha AMI’s.  All changes between versions will be added into the next release of the Cloud Buddha AMI (See release notes on AWS Marketplace).

All of this documentation is available on our Zen Support Portal here.

We have answers! Send is an email at or open a ticket via our Zen Support Portal here.

Our experience has demonstrated proven that Cloud Buddha AMI’s documentation when supplied to vendors during troubleshooting installation problems will give vendor support staff and developers the in-depth technical details necessary to troubleshoot their applications.

If you find a vendor that happens to not understand or can’t identify what compliance requirement is causing the problem, open at ticket on our Zen Support Portal and one of our Buddha Labs Security engineers make a best effort to assist.


Too Easy! Shoot us an email at and well get back to you ASAP!

All documentation is located in our Zen Support Portal (See Link On Navigation Menu) or is available      


Support is conducted via our Zen Support Portal here.

What if I scan a Cloud Buddha Image and it doesn’t match what is provided in the report?

Cloud Buddha CIS, HIPAA, PCI, and DISA STIG AMI’s are based on the individual regulatory bodies tools and guidelines.  Not every organization uses these specific tools, so we recognize that other tools might produce false positives or false negatives.  As Buddha Labs does not have access to every possible compliance auditing tool, should a scanner or manual audit return results that don’t match the documentation provide we will work with the customer and vendor to address this use.  Well even go a step further and work with the compliance vendor and/or auditor to remedy the problem.

Scans of my system after installing a bunch of applications and now my compliance level is different?

Some software and applications will alter the compliance posture of a system after install.  Should this occur, the documentation provided should give clear guidance on what needs to be done to re-hardened the specific requirement.  *note* If an application or software alters the compliance posture of a Cloud Buddha AMI, it would be best to contact the software vendor to determine if the alteration affects current support or application functionality.  If you have any questions, don’t hesitate to open up a ticket via our support portal and well do everything we can to help!

What about additional compliance guidelines for applications such as Databases, Web Servers, etc?

At this time its up to the you (the customer) to address additional compliance guidelines. It’s on Cloud Buddha’s roadmap to start building on pre-hardened applications such as Apache, MySQL, etc.  If you need assistance with additional compliance requirements, drop us a line at

Certain applications and/or software won’t install on Cloud Buddha AMI’s!

Most vendors understand regulatory compliance requirements and should be able to assist in troubleshooting installation issues on hardened systems.  Cloud Buddha AMI’s documentation will give vendors in-depth insight to changes made to the system.

I have questions not answered here!

We have answers!  Either contact us at or open a ticket via our Enlightened Support Portal here.