<div dir="ltr"><p style="margin-top:0in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Product:</span></strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif"><br>
BigFix Compliance</span><span lang="EN-IN"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Title:</span></strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif"><br>
Updated DISA Checklist for Ubuntu 20.04.</span><span lang="EN-IN"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Security Benchmark:</span></strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif"><br>
Canonical Ubuntu 20.04 LTS STIG, v2r4</span><span lang="EN-IN"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Published Sites:</span></strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif"><br>
</span><span style="color:black"><a style="color:rgb(5,99,193);text-decoration-line:underline"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif;color:rgb(34,34,34);text-decoration-line:none">DISA STIG
Checklist for Ubuntu 20.04 LTS</span></a> </span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Server, site version 6<br>
(The site version is provided for air-gap customers.)</span><span lang="EN-IN"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Details:</span></strong><span lang="EN-IN"></span></p>

<p class="MsoNormal" style="margin:12pt 0in 0.0001pt 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Symbol;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><b><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total New Fixlets: 8</span></b></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Symbol;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><b><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total Updated Fixlets: 1</span></b></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Symbol;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><b><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total Deleted Fixlets: 0</span></b></p>

<p class="MsoNormal" style="margin:0in 0in 12pt 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span style="font-family:Symbol;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><b><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Total Fixlets in Site: 171</span></b></p>

<p class="MsoNormal" style="margin:14pt 0in 8pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><b><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">New Fixlets:</span></b></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must audit any script or executable called by cron as root or by any
privileged user.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must have the "SSSD" package installed.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must use the "SSSD" package for multifactor authentication
services.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must ensure SSSD performs certificate path validation, including
revocation checking, against a trusted anchor for PKI-based authentication.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must be configured such that Pluggable Authentication Module (PAM)
prohibits the use of cached authentications after one day.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must map the authenticated identity to the user or group account for
PKI-based authentication.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must restrict privilege elevation to authorized personnel.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Ubuntu
20.04 LTS must require users to provide a password for privilege escalation.</span></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">asd.</span></p>

<p class="MsoNormal" style="margin:12pt 0in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><b><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Updated Fixlets:</span></b></p>

<p class="MsoNormal" style="margin:0in 0in 0in 0.75in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">The Ubuntu
operating system must require users to reauthenticate for privilege escalation
or when changing roles.</span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Actions to take:</span></strong></p>

<p style="margin-left:0.5in;margin-right:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Both
analysis and remediation checks are included</span></p>

<p style="margin-left:0.5in;margin-right:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Some of the
checks allow you to use the parameterized setting to enable customization for
compliance evaluation. Note that parameterization and remediation actions
require the creation of a custom site.</span></p>

<p style="margin-left:0.5in;margin-right:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Improved a
few checks by adding the pending restart feature to them. The pending restart
feature works in the following ways:</span></p>

<p style="margin-left:0.5in;margin-right:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">The action
results will show “Pending Restart” instead of “Fixed” for those checks which
require OS reboot.</span></p>

<p style="margin-left:0.5in;margin-right:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">The check
will show relevant for those endpoints until they are rebooted.</span></p>

<p style="margin-left:0.5in;margin-right:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">       
</span></span><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">Post reboot
of the endpoint the action results will show as “Fixed” and the check will be
compliant.</span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">More information:</span></strong><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif"><br>
To know more about the BigFix Compliance SCM checklists, please see the
following resources:</span><span lang="EN-IN"></span></p>

<ul type="disc" style="margin-bottom:0in">
 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">BigFix Forum:<br>
     </span><span style="color:black"><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=05%7C01%7Cshriramesachin.gulab%40hcl.com%7Cb3aebf7519664028dc8b08da89dfe49e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637973891946148511%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CgFoLnn2SUQDa8gV7EoPigfKH4hQk0a1GNq3swG2m8U%3D&reserved=0" style="color:rgb(5,99,193)"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif;color:rgb(0,136,204)">https://forum.bigfix.com/c/release-announcements/compliance</span></a></span><span lang="EN-IN" style="font-size:11pt"></span></li>
 <li class="MsoNormal" style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in;font-size:10pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">BigFix Compliance SCM Checklists:<br>
     </span><span style="color:black"><a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Den-us%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=05%7C01%7Cshriramesachin.gulab%40hcl.com%7Cb3aebf7519664028dc8b08da89dfe49e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637973891946148511%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=uwTwmlSHfUoigLq95hv%2B%2F%2FmvBfoqab7OlPyaYKJEFgI%3D&reserved=0" style="color:rgb(5,99,193)"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif;color:rgb(0,136,204)">https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists</span></a></span><span lang="EN-IN" style="font-size:11pt"></span></li>
</ul>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">We hope you find this latest release of SCM content
useful and effective. Thank you!</span><span lang="EN-IN"></span></p>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-IN" style="font-size:10.5pt;font-family:Helvetica,sans-serif">– The BigFix Compliance team</span><span lang="EN-IN"></span></p></div>