CME-1201
Immutable Infrastructure
Description
Servers are replaced rather than patched in place. Golden images are built in CI/CD, deployed fresh, and destroyed on replacement. Compromised instances are terminated and redeployed from known-good state.
CVSS Vector Impacts
| Metric | Transition | Rationale |
|---|---|---|
| Availability (A) | H → L | Compromised instance replaced from known-good image; minimal downtime |
| Integrity (I) | H → L | Persistent modifications eliminated on next deployment cycle |
Verification
Verify deployment pipeline builds from golden images