[BESAdmin-Announcements] BigFix Compliance: Updated CIS Red Hat Enterprise Linux 9 with bugfixes, published 2026-04-22

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Wed Apr 22 04:46:56 PDT 2026 

*Product:*
BigFix Compliance

*Title:*
Updated CIS Red Hat Enterprise Linux 9 with bugfixes.

*Security Benchmark:*
CIS Red Hat Enterprise Linux 9 Benchmark, v2.0.0

*Published Sites:*
CIS Checklist for RHEL 9, site version 13
(The site version is provided for air-gap customers.)

*Details:*

*Updated Fixlets: *

·        Updated the Deploy and Run Task.

·        Fixed the Measured Value and the Metadata.

·        Ensure system accounts do not have a valid login shell

·        Ensure accounts without a valid login shell are locked

·        Ensure GDM login banner is configured

·        Ensure events that modify user/group information are collected

·        Ensure nftables is installed

·        Ensure SELinux is not disabled in bootloader configuration

·        Ensure the SELinux mode is not disabled

·        Ensure active authselect profile includes pam modules

·        Ensure password history is enforced for the root user

·        Ensure cryptographic mechanisms are used to protect the integrity
of audit tools

·        Ensure unsuccessful file access attempts are collected





*Additional details:*

·        Both analysis and remediation checks are included

·        Some of the checks allow you to use the parameterized setting to
enable customization for compliance evaluation. Note that parameterization
and remediation actions require the creation of a custom site.

·        Improved few checks by adding the pending restart feature to them.
The pending restart feature works in the following ways:

·        The action results will show “Pending Restart” instead of “Fixed”
for those checks which requires OS reboot.

·        The check will show relevant for those endpoints until they are
rebooted.

·        Post reboot of the endpoint the action results will show as
“Fixed”, and the check will be compliant.

*Actions to take:*

   - To subscribe to the above site, you can use the License Overview
   Dashboard to enable and gather the site. Note that you must be entitled to
   the BigFix Compliance product, and you must be using BigFix version 10.0
   and later.
   - If you use custom sites, update your custom sites accordingly to use
   the latest content. You can synchronize your content by using the
   Synchronize Custom Checks wizard. For more information, see
   https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html
   <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp.hcltechsw.com%2Fbigfix%2F10.0%2Fcompliance%2FCompliance%2FSCM_Users_Guide%2Fc_using_synchronize_custom_checks_wiz.html&data=05%7C01%7Cshriramesachin.gulab%40hcl.com%7Cb3aebf7519664028dc8b08da89dfe49e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637973891946148511%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CEUTAJPwrSlmXmlL%2FMAZcUReHV9bRp%2BL%2F7aHsDYcj7g%3D&reserved=0>

*More information:*
To know more about the BigFix Compliance SCM checklists, please see the
following resources:

   - BigFix Forum:
   https://forum.bigfix.com/c/release-announcements/compliance
   <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=05%7C01%7Cshriramesachin.gulab%40hcl.com%7Cb3aebf7519664028dc8b08da89dfe49e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637973891946148511%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CgFoLnn2SUQDa8gV7EoPigfKH4hQk0a1GNq3swG2m8U%3D&reserved=0>
   - BigFix Compliance SCM Checklists:

   https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
   <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Den-us%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=05%7C01%7Cshriramesachin.gulab%40hcl.com%7Cb3aebf7519664028dc8b08da89dfe49e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637973891946148511%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uwTwmlSHfUoigLq95hv%2B%2F%2FmvBfoqab7OlPyaYKJEFgI%3D&reserved=0>

We hope you find this latest release of SCM content useful and effective.
Thank you!
– The BigFix Compliance team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20260422/0ea69959/attachment.html>

More information about the Besadmin-announcements mailing list