The Center for Internet Security (CIS) released the first version of the CIS Benchmark for Red Hat Enterprise Linux (RHEL) 9 on Nov 28, 2022, providing a set of 255 recommended security controls organized in two different levels for RHEL 9 servers and workstations.
CIS Benchmarks for RHEL are created in a collaborative and transparent way in the CIS community, where the active participation of Red Hat engineers contributes to high quality standards aligned to the best practices for RHEL while also bringing value to Fedora and other community Linux distributions. The Red Hat Security Compliance team quickly worked on this first released version of the CIS Benchmark for RHEL 9, ultimately providing Red Hat customers with automation capabilities to meet the CIS requirements.
The CIS Benchmark for RHEL 9 provides a comprehensive set of security controls and configuration recommendations to help protect RHEL 9 systems. The new profile based on this benchmark has been available to Red Hat customers in the scap-security-guide package since version 0.1.66. It allows organizations to automate the process of configuring and monitoring their RHEL 9 systems for compliance directly via OpenSCAP or through integrations in Anaconda, Image Builder, Insights and Satellite.
The most recent improvements in this new CIS profile, already available for RHEL 9 customers in scap-security-guide version 0.1.69, automates 99% of the benchmark requirements, including controls for network security, system hardening, logging and monitoring, and access control. By using the CIS profile for RHEL 9, Red Hat customers can check and more easily remediate their systems to achieve a high level of compliance with the CIS Benchmark, allowing their organizations to reduce their attack surface and improve their overall security posture.
For already installed systems, the OpenSCAP scanner can be directly used with the CIS profile for RHEL 9 to automate the process of scanning RHEL 9 systems, generating reports, and remediating eventual compliance gaps. Alternatively, Red Hat customers can also use the profile via Red Hat Insights and Red Hat Satellite integrations or during the installation of RHEL systems.
The release of the CIS profile for RHEL 9 with 99% of the benchmark requirements automated is a significant milestone in the effort to improve the security posture of RHEL in alignment with CIS. Organizations can now use this profile to automate the process of configuring and monitoring their RHEL 9 systems for compliance with minimal manual effort, helping to reduce their risks of cyber threats.
Red Hat continues to support valuable resources in the CIS community and other benchmarks to improve compliance with regulatory and industry-specific requirements.
À propos de l'auteur
Marcus Burghardt is a Senior Software Engineer on the Red Hat Enterprise Linux (RHEL) Security Compliance team. Marcus joined Red Hat in 2021. Since then, he has primarily focused on developing automated security content used by organizations to accelerate the adoption of security policies. He was previously a Red Hat Instructor and Examiner involved with different Red Hat technologies, but also has experience in Security Management, Cryptography, and Consulting.
Parcourir par canal
Automatisation
Les dernières nouveautés en matière d'automatisation informatique pour les technologies, les équipes et les environnements
Intelligence artificielle
Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement
Cloud hybride ouvert
Découvrez comment créer un avenir flexible grâce au cloud hybride
Sécurité
Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies
Edge computing
Actualité sur les plateformes qui simplifient les opérations en périphérie
Infrastructure
Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde
Applications
À l’intérieur de nos solutions aux défis d’application les plus difficiles
Programmes originaux
Histoires passionnantes de créateurs et de leaders de technologies d'entreprise
Produits
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Services cloud
- Voir tous les produits
Outils
- Formation et certification
- Mon compte
- Assistance client
- Ressources développeurs
- Rechercher un partenaire
- Red Hat Ecosystem Catalog
- Calculateur de valeur Red Hat
- Documentation
Essayer, acheter et vendre
Communication
- Contacter le service commercial
- Contactez notre service clientèle
- Contacter le service de formation
- Réseaux sociaux
À propos de Red Hat
Premier éditeur mondial de solutions Open Source pour les entreprises, nous fournissons des technologies Linux, cloud, de conteneurs et Kubernetes. Nous proposons des solutions stables qui aident les entreprises à jongler avec les divers environnements et plateformes, du cœur du datacenter à la périphérie du réseau.
Sélectionner une langue
Red Hat legal and privacy links
- À propos de Red Hat
- Carrières
- Événements
- Bureaux
- Contacter Red Hat
- Lire le blog Red Hat
- Diversité, équité et inclusion
- Cool Stuff Store
- Red Hat Summit