<div dir="ltr"><h1 style="margin:0in;line-height:120%;break-after:auto;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:20pt;font-family:Arial,sans-serif;font-weight:normal"><b style="font-size:11pt"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Product:</span></b></h1><p class="MsoNormal" style="margin:0in 0in 14pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">
BigFix Compliance</span></p>
<p class="MsoNormal" style="margin:14pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Title:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
<span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Updated DISA STIG Checklist
for Red Hat Enterprise Linux 9.</span></span></p>
<p class="MsoNormal" style="margin:14pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Security
Benchmark:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
<span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Red Hat Enterprise Linux 9
STIG Ver 2, Rel 5</span></span></p>
<p class="MsoNormal" style="margin:14pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Published
Sites:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
<span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">DISA STIG Checklist for RHEL
9, site version 6</span><br>
<span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">(The site version is
provided for air-gap customers.)</span></span></p>
<p class="MsoNormal" style="margin:14pt 0in 8pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Details:</span></b></p>
<p class="MsoNormal" style="margin:12pt 0in 0.0001pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total New Fixlets:
1</span></b></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total Updated
Fixlets: 4</span></b></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total Deleted
Fixlets: 4</span></b></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total Fixlets in Site: 442</span></b></p>
<p class="MsoNormal" style="margin:14pt 0in 8pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">New Fixlets:</span></b></p>
<p class="MsoNormal" style="margin:14pt 0in 8pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 must audit
any script or executable called by cron as root or by any privileged user.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Updated Fixlets:</span></b></p>
<p class="MsoNormal" style="margin:14pt 0in 0.0001pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 groups must have unique Group ID
(GID).</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 duplicate User IDs (UIDs) must not
exist for interactive users.</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 must log SSH connection attempts
and failures to the server.</span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 SSH daemon
must not allow compression or must only allow compression after successful
authentication.</span></p>
<p class="MsoNormal" style="margin:14pt 0in 8pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Deleted Fixlets:</span></b></p>
<p class="MsoNormal" style="margin:14pt 0in 0.0001pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 must use mechanisms meeting the
requirements of applicable federal laws, executive orders, directives,
policies, regulations, standards, and guidance for authentication to a
cryptographic module.</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 must implement DOD-approved
encryption ciphers to protect the confidentiality of SSH connections.</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 /etc/audit/auditd.conf file must
have 0640 or less permissive to prevent unauthorized access.</span></p>
<p class="MsoNormal" style="margin:0in 0in 8pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman""> </span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">RHEL 9 must use
mechanisms meeting the requirements of applicable federal laws, executive
orders, directives, policies, regulations, standards, and guidance for
authentication to a cryptographic module.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Additional details:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><br>
● Both analysis and remediation checks are included<br>
● Some of the checks allow you to use the parameterized setting to enable
customization for compliance evaluation. Note that parameterization and
remediation actions require the creation of a custom site.<br>
A few checks have been improved by adding the pending restart feature. The pending
restart feature works as follows:<br>
● The action results show “Pending Restart” instead of “Fixed” for checks
that require an OS reboot.<br>
● The check remains relevant for those endpoints until they are rebooted.<br>
● After the endpoint is rebooted, the action results show “Fixed” and the
check is compliant.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Actions to take:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><br>
● To subscribe to the above site, you can use the License Overview Dashboard to
enable and gather the site. Note that you must be entitled to the BigFix
Compliance product and you must be using BigFix version 10 and later.<br>
● If you use custom sites, update your custom sites accordingly to use the
latest content. You can synchronize your content by using the Synchronize
Custom Checks wizard. For more information, see Using the Synchronize Custom
Checks wizard.<br>
More information:<br>
To learn more about the BigFix Compliance SCM checklists, see the
following resources:</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><br>
● BigFix Forum:</span></p>
<h3 style="margin:11pt 0in 19pt 4pt;line-height:120%;break-after:auto;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:14pt;font-family:Arial,sans-serif;color:rgb(67,67,67);font-weight:normal"><a name="_eaib1dfz6w4s"></a><span lang="EN"><a href="https://forum.bigfix.com/c/release-announcements/compliance/63"><b><span style="font-size:12pt;line-height:120%;font-family:Calibri,sans-serif;color:rgb(0,136,204);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;text-decoration-line:none">Compliance (Release Announcements)</span></b></a></span><b><span lang="EN" style="font-size:12pt;line-height:120%;font-family:Calibri,sans-serif;color:rgb(0,136,204);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"></span></b></h3>
<p class="MsoNormal" style="margin:23pt 0in 14pt 4pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">This category is
used by HCL to announce new releases for BigFix Compliance.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">● BigFix Compliance
SCM Checklists:<br>
Welcome to Wikis<br>
We hope you find this latest release of SCM content useful and effective.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Thank you!<br>
<i>– The BigFix Compliance team</i></span><span lang="EN" style="font-family:Calibri,sans-serif"></span></p></div>