<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:524751107;
        mso-list-template-ids:-1635628396;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;
        mso-bidi-font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:"Courier New";
        mso-bidi-font-family:"Times New Roman";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:815999967;
        mso-list-template-ids:-1961316404;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:"Courier New";
        mso-bidi-font-family:"Times New Roman";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Wingdings;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p style="margin-top:0in;background:white"><strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Product:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
BigFix Compliance<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Title:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
Updated DISA STIG Checklist for RHEL 7, CentOS Linux 7 with bug fixes.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Security Benchmark:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
RHEL 7 STIG Version 2, Release 6<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Published Sites:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
DISA STIG Checklist for RHEL 7, site version 11<br>
(The site version is provided for air-gap customers.)<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Details:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
Fixed and improved implementation for the following checks:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon logon.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must not have unauthorized IP tunnels configured.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">For Red Hat Enterprise Linux operating systems using DNS resolution, at least two name servers must be configured.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect
 data requiring data-at-rest protections in<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must take appropriate action when the audisp-remote buffer is full.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must require authentication upon booting into single-user and maintenance modes.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must enable an application firewall, if available.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must be a vendor-supported release.<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. (B)<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer ISSO, at a minimum, when allocated audit
 record storage volume reaches 75% of the repos<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating Must be configured so that all networked systems have SSH installed<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">The Red Hat Enterprise Linux operating system must be configured so that the SSH private host key files have mode 0640 or less permissive<o:p></o:p></span></li></ul>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Actions to take:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
• To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using BigFix version 9.2 and later.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">• If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more
 information, see <a href="https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html</span></a>.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">More information:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
To know more about the BigFix Compliance SCM checklists, please see the following resources:<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">• </span><strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">BigFix Forum:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
<a href="https://forum.bigfix.com/c/release-announcements/compliance" target="_blank"><span style="color:#0088CC">https://forum.bigfix.com/c/release-announcements/compliance</span></a><br>
• BigFix Compliance SCM Checklists:<br>
<a href="https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html" target="_blank"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html</span></a><o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">We hope you find this latest release of SCM content useful and effective. Thank you!<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">– The BigFix Compliance team<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>