
scap-security-guide(8) System Manager's Manual scap-security-guide(8)

NAME

SCAP-Security-Guide - Delivers security guidance, baselines, and associated validation mechanisms utilizing the Security Content Automation Protocol (SCAP).

DESCRIPTION

The project provides practical security hardening advice and links it to compliance requirements in order to ease deployment activities such as certification and accreditation. These include requirements of the U.S. government (Federal, Defense, and Intelligence Community) as well as of the financial services and health care industries. For example, high-level and widely accepted policies such as NIST 800-53 provide prose stating that System Administrators must audit "privileged user actions," but do not define what "privileged actions" are. The SSG bridges the gap between generalized policy requirements and specific implementation guidance, in SCAP formats to support automation whenever possible.

The project's homepage is located at: https://www.open-scap.org/security-policies/scap-security-guide

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Source Datastream: ssg-centos7-ds.xml

The Guide to the Secure Configuration of Red Hat Enterprise Linux 7 is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_pci-dss

Ensures PCI-DSS v3.2.1 security configuration settings are applied.

Standard System Security Profile for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_standard

This profile contains rules to ensure a standard security baseline of a Red Hat Enterprise Linux 7 system. Regardless of your system's workload, all of these checks should pass.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Source Datastream: ssg-centos8-ds.xml

The Guide to the Secure Configuration of Red Hat Enterprise Linux 8 is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

ANSSI-BP-028 (enhanced)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (high)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_high

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (intermediary)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (minimal)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server

Profile ID: xccdf_org.ssgproject.content_profile_cis

This profile defines a baseline that aligns to the "Level 2 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server

Profile ID: xccdf_org.ssgproject.content_profile_cis_server_l1

This profile defines a baseline that aligns to the "Level 1 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Workstation

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l1

This profile defines a baseline that aligns to the "Level 1 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Workstation

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l2

This profile defines a baseline that aligns to the "Level 2 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

Profile ID: xccdf_org.ssgproject.content_profile_cui

From NIST 800-171, Section 2.2: Security requirements for protecting the confidentiality of CUI in nonfederal information systems and organizations have a well-defined structure that consists of:

(i) a basic security requirements section; (ii) a derived security requirements section.

The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

This profile configures Red Hat Enterprise Linux 8 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI).

Australian Cyber Security Centre (ACSC) Essential Eight

Profile ID: xccdf_org.ssgproject.content_profile_e8

This profile contains configuration checks for Red Hat Enterprise Linux 8 that align to the Australian Cyber Security Centre (ACSC) Essential Eight.

A copy of the Essential Eight in Linux Environments guide can be found at the ACSC website:

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers

Health Insurance Portability and Accountability Act (HIPAA)

Profile ID: xccdf_org.ssgproject.content_profile_hipaa

The HIPAA Security Rule establishes U.S. national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

This profile configures Red Hat Enterprise Linux 8 to the HIPAA Security Rule identified for securing electronic protected health information. Use of this profile in no way guarantees or makes claims of legal compliance with the HIPAA Security Rule(s).

Australian Cyber Security Centre (ACSC) ISM Official

Profile ID: xccdf_org.ssgproject.content_profile_ism_o

This profile contains configuration checks for Red Hat Enterprise Linux 8 that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) with the applicability marking of OFFICIAL.

The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls specific to an organisation's security posture and risk profile.

A copy of the ISM can be found at the ACSC website:

https://www.cyber.gov.au/ism

Protection Profile for General Purpose Operating Systems

Profile ID: xccdf_org.ssgproject.content_profile_ospp

This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2.1).

This configuration profile is consistent with CNSSI-1253, which requires U.S. National Security Systems to adhere to certain configuration parameters. Accordingly, this configuration profile is suitable for use in U.S. National Security Systems.

PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8

Profile ID: xccdf_org.ssgproject.content_profile_pci-dss

Ensures PCI-DSS v3.2.1 security configuration settings are applied.

DISA STIG for Red Hat Enterprise Linux 8

Profile ID: xccdf_org.ssgproject.content_profile_stig

This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux 8 V1R7.

In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 8 image

DISA STIG with GUI for Red Hat Enterprise Linux 8

Profile ID: xccdf_org.ssgproject.content_profile_stig_gui

This profile contains configuration checks that align to the DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R7.

In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 8 image

Warning: The installation and use of a Graphical User Interface (GUI) increases your attack surface and decreases your overall security posture. If your Information Systems Security Officer (ISSO) lacks a documented operational requirement for a graphical user interface, please consider using the standard DISA STIG for Red Hat Enterprise Linux 8 profile.

Profiles in Guide to the Secure Configuration of EuroLinux 8

Source Datastream: ssg-eurolinux8-ds.xml

The Guide to the Secure Configuration of EuroLinux 8 is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

ANSSI-BP-028 (enhanced)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (high)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_high

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (intermediary)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (minimal)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_cis

This profile defines a baseline that aligns to the "Level 2 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v1.0.1, released 2021-05-19.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_cis_server_l1

This profile defines a baseline that aligns to the "Level 1 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v1.0.1, released 2021-05-19.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Workstation - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l1

This profile defines a baseline that aligns to the "Level 1 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v1.0.1, released 2021-05-19.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Workstation - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l2

This profile defines a baseline that aligns to the "Level 2 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v1.0.1, released 2021-05-19.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

Profile ID: xccdf_org.ssgproject.content_profile_cui

From NIST 800-171, Section 2.2: Security requirements for protecting the confidentiality of CUI in nonfederal information systems and organizations have a well-defined structure that consists of:

(i) a basic security requirements section; (ii) a derived security requirements section.

The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

This profile configures Red Hat Enterprise Linux 8 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI).

Australian Cyber Security Centre (ACSC) Essential Eight

Profile ID: xccdf_org.ssgproject.content_profile_e8

This profile contains configuration checks for Red Hat Enterprise Linux 8 that align to the Australian Cyber Security Centre (ACSC) Essential Eight.

A copy of the Essential Eight in Linux Environments guide can be found at the ACSC website:

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers

Health Insurance Portability and Accountability Act (HIPAA)

Profile ID: xccdf_org.ssgproject.content_profile_hipaa

The HIPAA Security Rule establishes U.S. national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

This profile configures Red Hat Enterprise Linux 8 to the HIPAA Security Rule identified for securing electronic protected health information. Use of this profile in no way guarantees or makes claims of legal compliance with the HIPAA Security Rule(s).

Australian Cyber Security Centre (ACSC) ISM Official

Profile ID: xccdf_org.ssgproject.content_profile_ism_o

This profile contains configuration checks for Red Hat Enterprise Linux 8 that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) with the applicability marking of OFFICIAL.

The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls specific to an organisation's security posture and risk profile.

A copy of the ISM can be found at the ACSC website:

https://www.cyber.gov.au/ism

Protection Profile for General Purpose Operating Systems

Profile ID: xccdf_org.ssgproject.content_profile_ospp

This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2.1).

This configuration profile is consistent with CNSSI-1253, which requires U.S. National Security Systems to adhere to certain configuration parameters. Accordingly, this configuration profile is suitable for use in U.S. National Security Systems.

PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8 - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_pci-dss

Ensures PCI-DSS v3.2.1 security configuration settings are applied.

DISA STIG for Red Hat Enterprise Linux 8 - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_stig

This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux 8 V1R5.

In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 8 image

DISA STIG with GUI for Red Hat Enterprise Linux 8 - adapted for EuroLinux 8

Profile ID: xccdf_org.ssgproject.content_profile_stig_gui

This profile contains configuration checks that align to the DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R5.

In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 8 image

Warning: The installation and use of a Graphical User Interface (GUI) increases your attack surface and decreases your overall security posture. If your Information Systems Security Officer (ISSO) lacks a documented operational requirement for a graphical user interface, please consider using the standard DISA STIG for Red Hat Enterprise Linux 8 profile.

Profiles in Guide to the Secure Configuration of Firefox

Source Datastream: ssg-firefox-ds.xml

The Guide to the Secure Configuration of Firefox is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

Upstream Firefox STIG

Profile ID: xccdf_org.ssgproject.content_profile_stig

This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process, serving as the upstream development environment for the Firefox STIG.

As a result of the upstream/downstream relationship between the SCAP Security Guide project and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content. For official DISA FSO STIG content, refer to https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security%2Cbrowser-guidance.

While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note that commercial support of this SCAP content is NOT available. This profile is provided as example SCAP content with no endorsement for suitability or production readiness. Support for this profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The upstream project homepage is https://www.open-scap.org/security-policies/scap-security-guide/.

Profiles in Guide to the Secure Configuration of Java Runtime Environment

Source Datastream: ssg-jre-ds.xml

The Guide to the Secure Configuration of Java Runtime Environment is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

Java Runtime Environment (JRE) STIG

Profile ID: xccdf_org.ssgproject.content_profile_stig

The Java Runtime Environment (JRE) is a bundle developed and offered by Oracle Corporation which includes the Java Virtual Machine (JVM), class libraries, and other components necessary to run Java applications and applets. Certain default settings within the JRE pose a security risk, so it is necessary to deploy system-wide properties to ensure a higher degree of security when utilizing the JRE.

IBM Corporation also develops and bundles a Java Runtime Environment (JRE), as does Red Hat with OpenJDK.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Source Datastream: ssg-rhel7-ds.xml

The Guide to the Secure Configuration of Red Hat Enterprise Linux 7 is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

C2S for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_C2S

This profile demonstrates compliance against the U.S. Government Commercial Cloud Services (C2S) baseline.

This baseline was inspired by the Center for Internet Security (CIS) Red Hat Enterprise Linux 7 Benchmark, v2.1.1 - 01-31-2017.

For the SCAP Security Guide project to remain in compliance with CIS' terms and conditions, specifically Restrictions (8), note there is no representation or claim that the C2S profile will ensure a system is in compliance or consistency with the CIS baseline.

ANSSI-BP-028 (enhanced)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_nt28_enhanced

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (high)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_nt28_high

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (intermediary)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_nt28_intermediary

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (minimal)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_nt28_minimal

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Server

Profile ID: xccdf_org.ssgproject.content_profile_cis

This profile defines a baseline that aligns to the "Level 2 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 7 Benchmark™, v3.1.1, released 05-21-2021.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 7 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Server

Profile ID: xccdf_org.ssgproject.content_profile_cis_server_l1

This profile defines a baseline that aligns to the "Level 1 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 7 Benchmark™, v3.1.1, released 05-21-2021.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 7 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Workstation

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l1

This profile defines a baseline that aligns to the "Level 1 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 7 Benchmark™, v3.1.1, released 05-21-2021.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 7 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Workstation

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l2

This profile defines a baseline that aligns to the "Level 2 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 7 Benchmark™, v3.1.1, released 05-21-2021.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 7 CIS Benchmarks™ content.

Criminal Justice Information Services (CJIS) Security Policy

Profile ID: xccdf_org.ssgproject.content_profile_cjis

This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy can be found at the CJIS Security Policy Resource Center:

https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

Profile ID: xccdf_org.ssgproject.content_profile_cui

From NIST 800-171, Section 2.2: Security requirements for protecting the confidentiality of CUI in non-federal information systems and organizations have a well-defined structure that consists of:

(i) a basic security requirements section; (ii) a derived security requirements section.

The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

This profile configures Red Hat Enterprise Linux 7 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI).

Australian Cyber Security Centre (ACSC) Essential Eight

Profile ID: xccdf_org.ssgproject.content_profile_e8

This profile contains configuration checks for Red Hat Enterprise Linux 7 that align to the Australian Cyber Security Centre (ACSC) Essential Eight.

A copy of the Essential Eight in Linux Environments guide can be found at the ACSC website:

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers

Health Insurance Portability and Accountability Act (HIPAA)

Profile ID: xccdf_org.ssgproject.content_profile_hipaa

The HIPAA Security Rule establishes U.S. national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

This profile configures Red Hat Enterprise Linux 7 to the HIPAA Security Rule identified for securing electronic protected health information. Use of this profile in no way guarantees or makes claims of legal compliance with the HIPAA Security Rule(s).

NIST National Checklist Program Security Guide

Profile ID: xccdf_org.ssgproject.content_profile_ncp

This compliance profile reflects the core set of security-related configuration settings for deployment of Red Hat Enterprise Linux 7.x into U.S. Defense, Intelligence, and Civilian agencies. Development partners and sponsors include the U.S. National Institute of Standards and Technology (NIST), U.S. Department of Defense, the National Security Agency, and Red Hat.

This baseline implements configuration requirements from the following sources:

- Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
- NIST Controlled Unclassified Information (NIST 800-171)
- NIST 800-53 control selections for MODERATE impact systems (NIST 800-53)
- U.S. Government Configuration Baseline (USGCB)
- NIAP Protection Profile for General Purpose Operating Systems v4.2.1 (OSPP v4.2.1)
- DISA Operating System Security Requirements Guide (OS SRG)

For any differing configuration requirements, e.g. password lengths, the stricter security setting was chosen. Security Requirement Traceability Guides (RTMs) and sample System Security Configuration Guides are provided via the scap-security-guide-docs package.

This profile reflects U.S. Government consensus content and is developed through the OpenSCAP/SCAP Security Guide initiative, championed by the National Security Agency. Except for differences in formatting to accommodate publishing processes, this profile mirrors OpenSCAP/SCAP Security Guide content, with minor divergences, such as bugfixes, working through the consensus and release processes.

OSPP - Protection Profile for General Purpose Operating Systems v4.2.1

Profile ID: xccdf_org.ssgproject.content_profile_ospp

This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2.1).

This configuration profile is consistent with CNSSI-1253, which requires U.S. National Security Systems to adhere to certain configuration parameters. Accordingly, this configuration profile is suitable for use in U.S. National Security Systems.

PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_pci-dss

Ensures PCI-DSS v3.2.1 security configuration settings are applied.

RHV hardening based on STIG for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_rhelh-stig

This profile contains configuration checks for Red Hat Virtualization based on the DISA STIG for Red Hat Enterprise Linux 7.

VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Virtualization

Profile ID: xccdf_org.ssgproject.content_profile_rhelh-vpp

This compliance profile reflects the core set of security related configuration settings for deployment of Red Hat Enterprise Linux Hypervisor (RHELH) 7.x into U.S. Defense, Intelligence, and Civilian agencies. Development partners and sponsors include the U.S. National Institute of Standards and Technology (NIST), U.S. Department of Defense, the National Security Agency, and Red Hat.

This baseline implements configuration requirements from the following sources:

- Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
- NIST 800-53 control selections for MODERATE impact systems (NIST 800-53)
- U.S. Government Configuration Baseline (USGCB)
- NIAP Protection Profile for Virtualization v1.0 (VPP v1.0)

For any differing configuration requirements, e.g. password lengths, the stricter security setting was chosen. Security Requirement Traceability Guides (RTMs) and sample System Security Configuration Guides are provided via the scap-security-guide-docs package.

This profile reflects U.S. Government consensus content and is developed through the ComplianceAsCode project, championed by the National Security Agency. Except for differences in formatting to accommodate publishing processes, this profile mirrors ComplianceAsCode content as minor divergences, such as bugfixes, work through the consensus and release processes.

Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)

Profile ID: xccdf_org.ssgproject.content_profile_rht-ccp

This profile contains the minimum security relevant configuration settings recommended by Red Hat, Inc for Red Hat Enterprise Linux 7 instances deployed by Red Hat Certified Cloud Providers.

Standard System Security Profile for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_standard

This profile contains rules to ensure a standard security baseline of a Red Hat Enterprise Linux 7 system. Regardless of your system's workload, all of these checks should pass.

DISA STIG for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_stig

This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux V3R7.

In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 7, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 7 image

DISA STIG with GUI for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_stig_gui

This profile contains configuration checks that align to the DISA STIG with GUI for Red Hat Enterprise Linux V3R7.

In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 7, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 7 image

Warning: The installation and use of a Graphical User Interface (GUI) increases your attack surface and decreases your overall security posture. If your Information Systems Security Officer (ISSO) lacks a documented operational requirement for a graphical user interface, please consider using the standard DISA STIG for Red Hat Enterprise Linux 7 profile.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Source Datastream: ssg-rhel8-ds.xml

The Guide to the Secure Configuration of Red Hat Enterprise Linux 8 is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

ANSSI-BP-028 (enhanced)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (high)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_high

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (intermediary)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

ANSSI-BP-028 (minimal)

Profile ID: xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

A copy of the ANSSI-BP-028 can be found at the ANSSI website: https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server

Profile ID: xccdf_org.ssgproject.content_profile_cis

This profile defines a baseline that aligns to the "Level 2 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server

Profile ID: xccdf_org.ssgproject.content_profile_cis_server_l1

This profile defines a baseline that aligns to the "Level 1 - Server" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Workstation

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l1

This profile defines a baseline that aligns to the "Level 1 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Workstation

Profile ID: xccdf_org.ssgproject.content_profile_cis_workstation_l2

This profile defines a baseline that aligns to the "Level 2 - Workstation" configuration from the Center for Internet Security® Red Hat Enterprise Linux 8 Benchmark™, v2.0.0, released 2022-02-23.

This profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS Benchmarks™ content.

Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

Profile ID: xccdf_org.ssgproject.content_profile_cui

From NIST 800-171, Section 2.2: Security requirements for protecting the confidentiality of CUI in nonfederal information systems and organizations have a well-defined structure that consists of:

(i) a basic security requirements section; (ii) a derived security requirements section.

The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

This profile configures Red Hat Enterprise Linux 8 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI).

Australian Cyber Security Centre (ACSC) Essential Eight

Profile ID: xccdf_org.ssgproject.content_profile_e8

This profile contains configuration checks for Red Hat Enterprise Linux 8 that align to the Australian Cyber Security Centre (ACSC) Essential Eight.

A copy of the Essential Eight in Linux Environments guide can be found at the ACSC website:

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers

Health Insurance Portability and Accountability Act (HIPAA)

Profile ID: xccdf_org.ssgproject.content_profile_hipaa

The HIPAA Security Rule establishes U.S. national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

This profile configures Red Hat Enterprise Linux 8 to the HIPAA Security Rule requirements identified for securing electronic protected health information. Use of this profile in no way guarantees or makes claims of legal compliance with the HIPAA Security Rule(s).

Australian Cyber Security Centre (ACSC) ISM Official

Profile ID: xccdf_org.ssgproject.content_profile_ism_o

This profile contains configuration checks for Red Hat Enterprise Linux 8 that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) with the applicability marking of OFFICIAL.

The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls specific to an organisation's security posture and risk profile.

A copy of the ISM can be found at the ACSC website:

https://www.cyber.gov.au/ism

Protection Profile for General Purpose Operating Systems

Profile ID: xccdf_org.ssgproject.content_profile_ospp

This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2.1).

This configuration profile is consistent with CNSSI-1253, which requires U.S. National Security Systems to adhere to certain configuration parameters. Accordingly, this configuration profile is suitable for use in U.S. National Security Systems.

PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8

Profile ID: xccdf_org.ssgproject.content_profile_pci-dss

Ensures PCI-DSS v3.2.1 security configuration settings are applied.

DISA STIG for Red Hat Enterprise Linux 8

Profile ID: xccdf_org.ssgproject.content_profile_stig

This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux 8 V1R7.

In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 8 image

DISA STIG with GUI for Red Hat Enterprise Linux 8

Profile ID: xccdf_org.ssgproject.content_profile_stig_gui

This profile contains configuration checks that align to the DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R7.

In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this configuration baseline as applicable to the operating system tier of Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:

- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation and Desktop
- Red Hat Enterprise Linux for HPC
- Red Hat Storage
- Red Hat Containers with a Red Hat Enterprise Linux 8 image

Warning: The installation and use of a Graphical User Interface (GUI) increases your attack surface and decreases your overall security posture. If your Information Systems Security Officer (ISSO) lacks a documented operational requirement for a graphical user interface, please consider using the standard DISA STIG for Red Hat Enterprise Linux 8 profile.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Source Datastream: ssg-sl7-ds.xml

The Guide to the Secure Configuration of Red Hat Enterprise Linux 7 is broken into 'profiles', groupings of security settings that correlate to a known policy. Available profiles are:

PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_pci-dss

Ensures PCI-DSS v3.2.1 security configuration settings are applied.

Standard System Security Profile for Red Hat Enterprise Linux 7

Profile ID: xccdf_org.ssgproject.content_profile_standard

This profile contains rules to ensure a standard security baseline of a Red Hat Enterprise Linux 7 system. Regardless of your system's workload, all of these checks should pass.

EXAMPLES

To scan your system utilizing the OpenSCAP utility against the ospp profile:

oscap xccdf eval --profile ospp --results /tmp/`hostname`-ssg-results.xml --report /tmp/`hostname`-ssg-results.html --oval-results /usr/share/xml/scap/ssg/content/ssg-{product}-xccdf.xml

Additional details can be found on the project's wiki page: https://www.github.com/ComplianceAsCode/content/wiki
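The scan command above writes an XCCDF results file, and the Profile IDs listed in the profile sections are read from the source datastreams under /usr/share/xml/scap/ssg/content. The following is an added example, not code from the man page or the SCAP Security Guide project: it lists the Profile IDs in a datastream and tallies rule outcomes from a results file, assuming XCCDF 1.2 markup; the XML samples are constructed and the rule ids in them are placeholders.

```python
# Added example, not part of the scap-security-guide man page or project code.
# Assumes XCCDF 1.2 markup, which the ssg-{product}-ds.xml datastreams and the
# --results file from `oscap xccdf eval` use. Sample XML is constructed; the
# rule ids are placeholders, not real SSG rules.
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed stand-in for a source datastream: two profiles the man page lists.
SAMPLE_DATASTREAM = """
<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2">
 <ds:component id="scap_org.open-scap_comp_example-xccdf.xml">
  <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.content_benchmark_EXAMPLE">
   <Profile id="xccdf_org.ssgproject.content_profile_ospp">
    <title>Protection Profile for General Purpose Operating Systems</title>
   </Profile>
   <Profile id="xccdf_org.ssgproject.content_profile_standard">
    <title>Standard System Security Profile</title>
   </Profile>
  </Benchmark>
 </ds:component>
</ds:data-stream-collection>"""

# Constructed stand-in for the --results file written by `oscap xccdf eval`.
SAMPLE_RESULTS = """
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.open-scap_testresult_example">
 <profile idref="xccdf_org.ssgproject.content_profile_ospp"/>
 <rule-result idref="xccdf_org.ssgproject.content_rule_placeholder_a" severity="medium">
  <result>fail</result>
 </rule-result>
 <rule-result idref="xccdf_org.ssgproject.content_rule_placeholder_b" severity="low">
  <result>pass</result>
 </rule-result>
 <rule-result idref="xccdf_org.ssgproject.content_rule_placeholder_c" severity="high">
  <result>fail</result>
 </rule-result>
</TestResult>"""


def list_profiles(datastream_xml):
    """Map every XCCDF Profile id in a datastream to its title."""
    root = ET.fromstring(datastream_xml)
    profiles = {}
    for prof in root.iter(XCCDF + "Profile"):
        profiles[prof.get("id")] = (prof.findtext(XCCDF + "title") or "").strip()
    return profiles


def summarize_results(results_xml):
    """Tally rule outcomes and list failing rules, highest severity first."""
    root = ET.fromstring(results_xml)
    # oscap may nest the TestResult under a Benchmark copy, so search for it.
    tr = next(root.iter(XCCDF + "TestResult"))
    profile = tr.find(XCCDF + "profile")
    counts, failed = Counter(), []
    for rr in tr.iter(XCCDF + "rule-result"):
        outcome = rr.findtext(XCCDF + "result", default="unknown")
        counts[outcome] += 1
        if outcome in ("fail", "error"):  # both need attention after a scan
            failed.append((rr.get("severity", "unknown"), rr.get("idref")))
    rank = {"high": 0, "medium": 1, "low": 2}
    failed.sort(key=lambda f: (rank.get(f[0], 3), f[1]))
    return {"profile": profile.get("idref") if profile is not None else None,
            "counts": dict(counts), "failed": failed}
```

Point list_profiles at the text of an ssg-{product}-ds.xml file to see which profile ids the `--profile` option accepts, and summarize_results at the `--results` file to get a failure list sorted by severity without opening the HTML report.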

FILES

/usr/share/xml/scap/ssg/content

Houses SCAP content utilizing the following naming conventions:

SCAP Source Datastreams: ssg-{product}-ds.xml

CPE Dictionaries: ssg-{product}-cpe-dictionary.xml

CPE OVAL Content: ssg-{product}-cpe-oval.xml

OVAL Content: ssg-{product}-oval.xml

XCCDF Content: ssg-{product}-xccdf.xml

/usr/share/doc/scap-security-guide/guides/

HTML versions of SSG profiles.

/usr/share/scap-security-guide/ansible/

Contains Ansible Playbooks for SSG profiles.

/usr/share/scap-security-guide/bash/

Contains Bash remediation scripts for SSG profiles.

DEPLOYMENT TO U.S. CIVILIAN GOVERNMENT SYSTEMS

SCAP Security Guide content is considered vendor (Red Hat) provided content. Per guidance from the U.S. National Institute of Standards and Technology (NIST), U.S. Government programs are allowed to use vendor-produced SCAP content in the absence of "Governmental Authority" checklists. The specific NIST verbiage: http://web.nvd.nist.gov/view/ncp/repository/glossary?cid=1#Authority

DEPLOYMENT TO U.S. MILITARY SYSTEMS

DoD Directive (DoDD) 8500.1 requires that "all IA and IA-enabled IT products incorporated into DoD information systems shall be configured in accordance with DoD-approved security configuration guidelines" and tasks the Defense Information Systems Agency (DISA) to "develop and provide security configuration guidance for IA and IA-enabled IT products in coordination with Director, NSA." The output of this authority is the DISA Security Technical Implementation Guides, or STIGs. DISA FSO is in the process of moving the STIGs towards the use of the NIST Security Content Automation Protocol (SCAP) in order to "automate" compliance reporting of the STIGs.

Through a common, shared vision, the SCAP Security Guide community enjoys close collaboration directly with NSA, NIST, and DISA FSO. As stated in Section 1.1 of the Red Hat Enterprise Linux 6 STIG Overview, Version 1, Release 2, issued on 03-JUNE-2013:

"The consensus content was developed using an open-source project called SCAP Security Guide. The project's website is https://www.open-scap.org/security-policies/scap-security-guide. Except for differences in formatting to accommodate the DISA STIG publishing process, the content of the Red Hat Enterprise Linux 6 STIG should mirror the SCAP Security Guide content with only minor divergence as updates from multiple sources work through the consensus process."

The DoD STIG for Red Hat Enterprise Linux 7, revision V2R4, was released in July 2019. Currently, the DoD Red Hat Enterprise Linux 7 STIG contains only XCCDF content and is available online: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux

Content published on the public.cyber.mil website is authoritative STIG content. The SCAP Security Guide project, as noted in the STIG overview, is considered upstream content. Unlike DISA FSO, the SCAP Security Guide project does publish OVAL automation content. Individual programs and C&A evaluators make program-level determinations on the direct usage of the SCAP Security Guide. Currently there is no blanket approval.

SEE ALSO

oscap(8)

AUTHOR

Please direct all questions to the SSG mailing list: https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

26 Jan 2013 version 1