
<div dir="ltr"><p style="margin-top:0in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><strong><span style="font-size:10.5pt;font-family:Helvetica">Product:</span></strong></a><span style="font-size:10.5pt;font-family:Helvetica"><br>

BigFix Compliance</span></p>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Title:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>

</span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica;color:black">Updated</span><span style="font-size:10.5pt;font-family:Helvetica"> DISA STIG Checklist

for RHEL 8 </span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica">with bug fixes</span><span style="font-size:10.5pt;font-family:Helvetica"></span></p>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Security Benchmark:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>

DISA STIG Checklist for RHEL 8 Benchmark, V1,R</span><span style="font-size:10.5pt;font-family:Helvetica;color:black">12</span><span style="font-size:10.5pt;font-family:Helvetica"></span></p>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Published Sites:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>

DISA STIG Checklist for RHEL 8, site version </span><span style="font-size:10.5pt;font-family:Helvetica;color:black">17</span><span style="font-size:10.5pt;font-family:Helvetica"><br>

(The site version is provided for air-gap customers.)</span></p>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Details:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"></span></p>


<p class="gmail-MsoListParagraphCxSpFirst" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      

</span></span><span style="font-size:10.5pt;font-family:Helvetica;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Fixed and

Improved implementation and added more remediation support for the following

check:</span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica"></span></p>


<table class="gmail-MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1812" style="width:1359.05pt;border-collapse:collapse">

 <tbody><tr style="height:0.2in">

  <td width="1812" nowrap valign="bottom" style="width:1359.05pt;padding:0in 5.4pt;height:0.2in">

  <p class="gmail-MsoListParagraphCxSpLast" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span>RHEL 8 must prohibit the use of cached authentications

  after one day<span style="color:black">.</span></p>

  </td>

  
 </tr>

 <tr style="height:0.2in">

  <td width="1812" nowrap valign="bottom" style="width:1359.05pt;padding:0in 5.4pt;height:0.2in">

  <p class="gmail-MsoListParagraphCxSpFirst" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must not forward IPv4 source-routed packets.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must prevent IPv4 Internet Control Message Protocol

  (ICMP) redirect messages from being accepted.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must not forward IPv4 source-routed packets by default.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must ignore IPv4 Internet Control Message Protocol (ICMP)

  redirect messages.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must not enable IPv4 packet forwarding unless the system

  is a router.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must prevent the loading of a new kernel for later

  execution.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must enable kernel parameters to enforce discretionary

  access control on hardlinks.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must enable kernel parameters to enforce discretionary

  access control on symlinks.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must restrict access to the kernel message buffer.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must prevent kernel profiling by unprivileged users.</span></p>

  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       

  </span></span><span style="color:black">RHEL 8 must implement address space layout randomization (ASLR)

  to protect its memory from unauthorized code </span></p>

  <p class="gmail-MsoListParagraphCxSpLast" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="color:black">Execution.</span></p>

  </td>

  
 </tr>

</tbody></table>


<p class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica"> </span></p>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Actions to take:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"></span></p>


<ul type="disc" style="margin-bottom:0in">

 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">To subscribe to the above site, you can

     use the License Overview Dashboard to enable and gather the site. Note

     that you must be entitled to the BigFix Compliance product, and you must

     be using BigFix version 9.2 and later.</span></li>

 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">If you use custom sites, update your

     custom sites accordingly to use the latest content. You can synchronize

     your content by using the Synchronize Custom Checks wizard. For more

     information, see </span><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp.hcltechsw.com%2Fbigfix%2F10.0%2Fcompliance%2FCompliance%2FSCM_Users_Guide%2Fc_using_synchronize_custom_checks_wiz.html&data=04%7C01%7Cshriramesachin.gulab%40hcl.com%7C57a38011e90149b1dc5808d9793e1d0c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637674129971773238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gZuYo6ROq%2BFAjYfQYc2%2BJxc%2FkUvbuYS7K%2BRA%2FJiizes%3D&reserved=0" style="color:rgb(5,99,193)"><span style="font-size:10.5pt;font-family:Helvetica;color:rgb(0,136,204)">https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html</span></a><span style="font-size:10.5pt;font-family:Helvetica"></span></li>

</ul>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">More information:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>

To know more about the BigFix Compliance SCM checklists, please see the

following resources:</span></p>


<ul type="disc" style="margin-bottom:0in">

 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b><span style="font-size:10.5pt;font-family:Helvetica">BigFix Forum:</span></b><span style="font-size:10.5pt;font-family:Helvetica"><br>

     </span><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=04%7C01%7Cshriramesachin.gulab%40hcl.com%7C57a38011e90149b1dc5808d9793e1d0c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637674129971783194%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gfMu6ZdFXyD8jqzF8%2BYQdc7Tv3zuiZr81YkzwLpdDS8%3D&reserved=0" style="color:rgb(5,99,193)"><span style="font-size:10.5pt;font-family:Helvetica;color:rgb(0,136,204)">https://forum.bigfix.com/c/release-announcements/compliance</span></a><span style="font-size:10.5pt;font-family:Helvetica"></span></li>

 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b><span style="font-size:10.5pt;font-family:Helvetica">BigFix Compliance SCM Checklists:</span></b><span style="font-size:10.5pt;font-family:Helvetica"><br>

     </span><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Den-us%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=04%7C01%7Cshriramesachin.gulab%40hcl.com%7C57a38011e90149b1dc5808d9793e1d0c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637674129971783194%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0OD4f8RUxnRZVEr77q%2F4ckk5VsgwnREMRJAu4ShVaww%3D&reserved=0" style="color:rgb(5,99,193)"><span style="font-size:10.5pt;font-family:Helvetica;color:rgb(0,136,204)">https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists</span></a><span style="font-size:10.5pt;font-family:Helvetica"></span></li>

</ul>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">We hope you find this latest release of SCM content useful and

effective. Thank you!</span></p>


<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">– The BigFix Compliance team</span><span style="font-size:10.5pt;font-family:Helvetica"></span></p>


<p class="MsoNormal" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"> </p></div>