Cybersecurity continues to be a focal point for government agencies as they continue to develop IT strategies that include the deployment of new and existing workloads into cloud-based environments. At the same time, threats to these services, and the data that they process, continue to evolve with new exploits appearing on a regular basis. To maintain the performance and availability of applications and data, configurations that limit the ability for exploits to be successful must be in place.
Red Hat has a long history of working with government and defense agencies to configure Red Hat Enterprise Linux (RHEL) to meet certain rigorous requirements that aim to protect systems from malicious activity. This work includes development of SELinux, establishing Identity Management standards, and the development and publication of several security configuration profiles used by various industries.
We are pleased to announce that, in collaboration with Red Hat, the Defense Information Systems Agency (DISA) has published a Secure Technical Implementation Guide (STIG) for RHEL 8. The STIG consists of more than 300 security controls including configuration settings that map to new features that were included in RHEL 8.
The STIG enables customers in government or military organizations to deploy RHEL 8 in accordance with an approved security baseline profile and further drive innovation across their environments.
RHEL 8 includes the SCAP Security Guide which includes several security profiles, including the DISA STIG profile. With the SCAP Security Guide, customers can automate the configuration of security controls as part of a RHEL deployment or perform periodic scans and automated remediation of any findings post-deployment.
The RHEL 8 STIG is available for download on DISA’s Cyber Exchange website at STIGs Document Library. Just filter the list for Operating Systems and then UNIX/Linux.
Red Hat offers security-focused courses as a part of the RHEL Skills Path. These courses can offer you additional guidance on how to configure security controls.