[BESAdmin-Announcements] BigFix Compliance: Updated DISA STIG Checklist for Oracle Linux 7, published 2025-06-25
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Thu Jun 25 07:36:21 PDT 2026
*Product:*
BigFix Compliance
*Title:*
Updated DISA STIG Checklist for Oracle Linux 7
*Security Benchmark:*
DISA Oracle Linux 7 STIG SCAP Benchmark, V3R5
*Published Sites:*
DISA STIG Checklist for Oracle Linux 7, site version 7
(The site version is provided for air-gap customers.)
*Details:*
● Total New Fixlets: 0
● Total Updated Fixlets: 8
● Total Deleted Fixlets: 0
● Total Fixlets in Site: 240
*Updated Fixlets:*
● Oracle Linux 7 must not install packages from the Extra Packages for
Enterprise Linux (EPEL) repository.
● The Oracle Linux operating system must restrict access to the kernel
message buffer.
● The Oracle Linux operating system must require authentication upon
booting into single-user and maintenance modes.
● Oracle Linux operating systems version 7.2 or newer with a Basic
Input/Output System (BIOS) must require authentication upon booting into
single-user and maintenance modes.
● Oracle Linux operating systems version 7.2 or newer booted with a
BIOS must have a unique name for the grub superusers account when booting
into single-user and maintenance modes.
● Oracle Linux operating systems version 7.2 or newer using Unified
Extensible Firmware Interface (UEFI) must require authentication upon
booting into single-user and maintenance modes.
● Oracle Linux operating systems version 7.2 or newer booted with
United Extensible Firmware Interface (UEFI) must have a unique name for the
grub superusers account when booting into single-user mode and maintenance.
● The Oracle Linux operating system must be a vendor-supported release.
*Additional details:*
● Both analysis and remediation checks are included.
● Some of the checks allow you to use the parameterized setting to
enable customization for compliance evaluation. Note that parameterization
and remediation actions require the creation of a custom site.
● Improved a few checks by adding the pending restart feature to them.
The pending restart feature works in the following ways:
● The action results will show “Pending Restart” instead of “Fixed”
for those checks which require OS reboot.
● The check will show relevant for those endpoints until they are
rebooted.
● Post reboot of the endpoint the action results will show as “Fixed”
and the check will be compliant.
*Actions to take:*
● To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product and you must be using BigFix version 9.5 and
later.
● If you use custom sites, update your custom sites accordingly to
use the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see Using the
Synchronize Custom Checks wizard
<https://help.hcltechsw.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html>
*More information:*
To know more about the BigFix Compliance SCM checklists, please see the
following resources:
● BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance
● BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
https://forum.bigfix.com/c/release-announcements/scm-checklists/86
We hope you find this latest release of SCM content useful and effective.
Thank you!
*– The BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20260625/ad20cd37/attachment.html>
More information about the Besadmin-announcements
mailing list