<div dir="ltr"><p style="margin-top:0in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><a name="_MailOriginal"><strong><span style="font-size:10.5pt;font-family:Helvetica">Product:</span></strong></a><span style="font-size:10.5pt;font-family:Helvetica"><br>
BigFix Compliance</span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Title:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>
</span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica;color:black">Updated</span><span style="font-size:10.5pt;font-family:Helvetica"> DISA STIG Checklist
for RHEL 8 </span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica">with bug fixes</span><span style="font-size:10.5pt;font-family:Helvetica"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Security Benchmark:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>
DISA STIG Checklist for RHEL 8 Benchmark, V1,R</span><span style="font-size:10.5pt;font-family:Helvetica;color:black">12</span><span style="font-size:10.5pt;font-family:Helvetica"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Published Sites:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>
DISA STIG Checklist for RHEL 8, site version </span><span style="font-size:10.5pt;font-family:Helvetica;color:black">19</span><span style="font-size:10.5pt;font-family:Helvetica"><br>
(The site version is provided for air-gap customers.)</span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Details:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"></span></p>

<p class="gmail-MsoListParagraphCxSpFirst" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      
</span></span><span style="font-size:10.5pt;font-family:Helvetica;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Fixed and
Improved implementation and added more remediation support for the following
check:</span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica"></span></p>

<table class="gmail-MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1812" style="width:1359.05pt;border-collapse:collapse">
 <tbody><tr style="height:0.2in">
  <td width="1812" nowrap valign="bottom" style="width:1359.05pt;padding:0in 5.4pt;height:0.2in">
  <p class="gmail-MsoListParagraphCxSpLast" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
  </span></span><span style="color:black">RHEL 8 must use reverse path filtering on all IPv4 interfaces.</span></p>
  </td>
  
 </tr>
 <tr style="height:0.2in">
  <td width="1812" nowrap valign="bottom" style="width:1359.05pt;padding:0in 5.4pt;height:0.2in">
  <p class="gmail-MsoListParagraphCxSpFirst" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
  </span></span><span style="color:black">Successful/unsuccessful uses of the kmod command in RHEL 8 must
  generate an audit record</span></p>
  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
  </span></span><span style="color:black">The RHEL 8 audit system must be configured to audit the
  execution of privileged functions and </span></p>
  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="color:black">prevent all
  software from executing at higher privilege levels than users executing the
  software.</span></p>
  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
  </span></span><span style="color:black">RHEL 8 must prohibit the use of cached authentications after one
  day.</span></p>
  <p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
  </span></span><span style="color:black">RHEL 8 must use a separate file system for /var/log</span></p>
  <p class="gmail-MsoListParagraphCxSpLast" style="margin:0in 0in 0in 0.5in;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:black">-<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
  </span></span><span style="color:black">A separate RHEL 8 filesystem must be used for the /tmp directory</span></p>
  </td>
  
 </tr>
</tbody></table>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica"> </span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">Actions to take:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"></span></p>

<ul type="disc" style="margin-bottom:0in">
 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">To subscribe to the above site, you can
     use the License Overview Dashboard to enable and gather the site. Note
     that you must be entitled to the BigFix Compliance product, and you must
     be using BigFix version 9.2 and later.</span></li>
 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">If you use custom sites, update your
     custom sites accordingly to use the latest content. You can synchronize
     your content by using the Synchronize Custom Checks wizard. For more
     information, see </span><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp.hcltechsw.com%2Fbigfix%2F10.0%2Fcompliance%2FCompliance%2FSCM_Users_Guide%2Fc_using_synchronize_custom_checks_wiz.html&data=04%7C01%7Cshriramesachin.gulab%40hcl.com%7C57a38011e90149b1dc5808d9793e1d0c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637674129971773238%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gZuYo6ROq%2BFAjYfQYc2%2BJxc%2FkUvbuYS7K%2BRA%2FJiizes%3D&reserved=0" style="color:rgb(5,99,193)"><span style="font-size:10.5pt;font-family:Helvetica;color:rgb(0,136,204)">https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html</span></a><span style="font-size:10.5pt;font-family:Helvetica"></span></li>
</ul>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span style="font-size:10.5pt;font-family:Helvetica">More information:</span></strong><span style="font-size:10.5pt;font-family:Helvetica"><br>
To know more about the BigFix Compliance SCM checklists, please see the
following resources:</span></p>

<ul type="disc" style="margin-bottom:0in">
 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b><span style="font-size:10.5pt;font-family:Helvetica">BigFix Forum:</span></b><span style="font-size:10.5pt;font-family:Helvetica"><br>
     </span><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=04%7C01%7Cshriramesachin.gulab%40hcl.com%7C57a38011e90149b1dc5808d9793e1d0c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637674129971783194%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=gfMu6ZdFXyD8jqzF8%2BYQdc7Tv3zuiZr81YkzwLpdDS8%3D&reserved=0" style="color:rgb(5,99,193)"><span style="font-size:10.5pt;font-family:Helvetica;color:rgb(0,136,204)">https://forum.bigfix.com/c/release-announcements/compliance</span></a><span style="font-size:10.5pt;font-family:Helvetica"></span></li>
 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><b><span style="font-size:10.5pt;font-family:Helvetica">BigFix Compliance SCM Checklists:</span></b><span style="font-size:10.5pt;font-family:Helvetica"><br>
     </span><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Den-us%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=04%7C01%7Cshriramesachin.gulab%40hcl.com%7C57a38011e90149b1dc5808d9793e1d0c%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637674129971783194%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0OD4f8RUxnRZVEr77q%2F4ckk5VsgwnREMRJAu4ShVaww%3D&reserved=0" style="color:rgb(5,99,193)"><span style="font-size:10.5pt;font-family:Helvetica;color:rgb(0,136,204)">https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists</span></a><span style="font-size:10.5pt;font-family:Helvetica"></span></li>
</ul>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">We hope you find this latest release of SCM content useful and
effective. Thank you!</span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;font-family:Helvetica">– The BigFix Compliance team</span><span style="font-size:10.5pt;font-family:Helvetica"></span></p></div>