From dd6f873778b0c5ed23be032ec0e619ced546ed35 Mon Sep 17 00:00:00 2001
From: Craig <craig.osterhout@docker.com>
Date: Thu, 14 Aug 2025 13:07:58 -0700
Subject: [PATCH] dhi: update cis wording

Signed-off-by: Craig <craig.osterhout@docker.com>
---
 content/manuals/dhi/core-concepts/cis.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/content/manuals/dhi/core-concepts/cis.md b/content/manuals/dhi/core-concepts/cis.md
index 3b2f7235966..7b88fa75605 100644
--- a/content/manuals/dhi/core-concepts/cis.md
+++ b/content/manuals/dhi/core-concepts/cis.md
@@ -31,7 +31,9 @@ Dockerfile configuration.
 CIS-compliant DHIs are compliant with all controls in Section 4, with the sole
 exception of the control requiring Docker Content Trust (DCT), which [Docker
 officially retired](https://www.docker.com/blog/retiring-docker-content-trust/).
-By starting from a CIS-compliant DHI, teams can adopt image-level best practices
+Instead, DHIs are [signed](/manuals/dhi/core-concepts/signatures.md) using
+Cosign, providing an even higher level of authenticity and integrity. By
+starting from a CIS-compliant DHI, teams can adopt image-level best practices
 from the benchmark more quickly and confidently.
 
 > [!NOTE]