The Center for Internet Security (CIS) released the first version of the CIS Benchmark for Red Hat Enterprise Linux (RHEL) 9 on Nov 28, 2022, providing a set of 255 recommended security controls organized in two different levels for RHEL 9 servers and workstations.
CIS Benchmarks for RHEL are created in a collaborative and transparent way in the CIS community, where the active participation of Red Hat engineers contributes to high quality standards aligned to the best practices for RHEL while also bringing value to Fedora and other community Linux distributions. The Red Hat Security Compliance team quickly worked on this first released version of the CIS Benchmark for RHEL 9, ultimately providing Red Hat customers with automation capabilities to meet the CIS requirements.
The CIS Benchmark for RHEL 9 provides a comprehensive set of security controls and configuration recommendations to help protect RHEL 9 systems. The new profile based on this benchmark has been available to Red Hat customers in the scap-security-guide package since version 0.1.66. It allows organizations to automate the process of configuring and monitoring their RHEL 9 systems for compliance directly via OpenSCAP or through integrations in Anaconda, Image Builder, Insights and Satellite.
With the most recent improvements, already available to RHEL 9 customers in scap-security-guide version 0.1.69, the new CIS profile automates 99% of the benchmark requirements, including controls for network security, system hardening, logging and monitoring, and access control. By using the CIS profile for RHEL 9, Red Hat customers can check and more easily remediate their systems to achieve a high level of compliance with the CIS Benchmark, allowing their organizations to reduce their attack surface and improve their overall security posture.
For already installed systems, the OpenSCAP scanner can be used directly with the CIS profile for RHEL 9 to automate the process of scanning RHEL 9 systems, generating reports, and remediating any compliance gaps. Alternatively, Red Hat customers can also use the profile via Red Hat Insights and Red Hat Satellite integrations or during the installation of RHEL systems.
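The scan, report, and remediation steps described above can be sketched as shell functions; this is an added example, not code from the article or from Red Hat. The data stream path, the profile ID, the output file names, and the function names are assumptions that do not appear in the article.

```shell
#!/bin/sh
# Added example: scan an installed RHEL 9 host against the CIS profile.
# Assumptions (not stated in the article): the default scap-security-guide data
# stream path and the CIS Level 2 Server profile ID below; output file names.
DS=/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
PROFILE=xccdf_org.ssgproject.content_profile_cis
MIN_SSG=0.1.66   # first scap-security-guide version with the RHEL 9 CIS profile

# version_ge A B: succeed when version A >= version B (relies on sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_exit CODE: map oscap's exit status to a verdict.
classify_exit() {
    case "$1" in
        0) echo compliant ;;
        2) echo noncompliant ;;   # at least one rule failed or was unknown
        *) echo error ;;          # oscap itself failed; results are not usable
    esac
}

# cis_scan OUTDIR: evaluate the host, write XCCDF results plus an HTML report.
cis_scan() {
    outdir=$1
    ver=$(rpm -q --qf '%{VERSION}' scap-security-guide) || { echo "scap-security-guide missing" >&2; return 1; }
    version_ge "$ver" "$MIN_SSG" || { echo "scap-security-guide $ver predates the CIS profile" >&2; return 1; }
    mkdir -p "$outdir"
    rc=0
    oscap xccdf eval --profile "$PROFILE" \
        --results "$outdir/cis-results.xml" \
        --report "$outdir/cis-report.html" "$DS" >"$outdir/cis-scan.log" || rc=$?
    classify_exit "$rc"
}

# cis_fix_script FILE: write the profile's remediation script for review before use.
cis_fix_script() {
    oscap xccdf generate fix --fix-type bash --profile "$PROFILE" \
        --output "$1" "$DS"
}
```

Run `cis_scan /var/tmp/cis` as root so that rules inspecting privileged files can be evaluated, and review the script written by `cis_fix_script` before applying it to a production host.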
The release of the CIS profile for RHEL 9 with 99% of the benchmark requirements automated is a significant milestone in the effort to improve the security posture of RHEL in alignment with CIS. Organizations can now use this profile to automate the process of configuring and monitoring their RHEL 9 systems for compliance with minimal manual effort, helping to reduce their risk from cyber threats.
Red Hat continues to support valuable resources in the CIS community and other benchmarks to improve compliance with regulatory and industry-specific requirements.
About the author
Marcus Burghardt is a Senior Software Engineer on the Red Hat Enterprise Linux (RHEL) Security Compliance team. Marcus joined Red Hat in 2021. Since then, he has primarily focused on developing automated security content used by organizations to accelerate the adoption of security policies. He was previously a Red Hat Instructor and Examiner involved with different Red Hat technologies, but also has experience in Security Management, Cryptography, and Consulting.