<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:42101154;
mso-list-template-ids:-2027148460;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.75in;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.25in;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.75in;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.25in;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.75in;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.25in;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.75in;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.25in;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.75in;
mso-level-number-position:left;
margin-left:4.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1886484348;
mso-list-template-ids:519216708;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p style="margin-top:0in;background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">Product:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
BigFix Compliance<o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">Title:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
Updated CIS Checklist for Amazon Linux 2 Benchmark with bugfixes.<o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">Security Benchmarks:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
CIS Amazon Linux 2 Benchmark, v1.0.0<o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">Published Sites:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
CIS Checklist for Amazon Linux 2, Site version 2<br>
(The site version is provided for air-gap customers.)<o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">Details:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
Fixed and improved implementation for the following checks:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure AIDE is installed<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure at/cron is restricted to authorized users<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure chrony is configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure default deny firewall policy<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure default user umask is 027 or more restrictive<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure filesystem integrity is regularly checked<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure inactive password lock is 30 days or less<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure IPv6 default deny firewall policy<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure IPv6 loopback traffic is configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure loopback traffic is configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure nodev option set on /dev/shm partition<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure noexec option set on /dev/shm partition<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure nosuid option set on /dev/shm partition<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure ntp is configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure permissions on /etc/cron.d are configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure permissions on bootloader config are configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure permissions on SSH private host key files are configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:'Helvetica',sans-serif">Ensure firewall rules exist for all open ports<o:p></o:p></span></li></ul>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">Actions to take:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using BigFix version 9.2 or later.<o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom
Checks wizard. For more information, see<br>
<a href="https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html" target="_blank"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html</span></a><o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">More information:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
To learn more about the BigFix Compliance SCM checklists, see the following resources:<o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">BigFix Forum:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
<a href="https://forum.bigfix.com/c/release-announcements/compliance" target="_blank"><span style="color:#0088CC">https://forum.bigfix.com/c/release-announcements/compliance</span></a><o:p></o:p></span></p>
<p style="background:white"><strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">BigFix Compliance SCM Checklists:</span></strong><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222"><br>
<a href="https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists" target="_blank"><span style="color:#0088CC">https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists</span></a><o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.5pt;font-family:'Helvetica',sans-serif;color:#222222">We hope you find this latest release of SCM content useful and effective. Thank you!<br>
&ndash; The BigFix Compliance team<o:p></o:p></span></p>
</div>
</body>
</html>