Provided by: ssg-base_0.1.65-1_all bug

NAME

       SCAP-Security-Guide  -  Delivers  security  guidance, baselines, and associated validation
       mechanisms utilizing the Security Content Automation Protocol (SCAP).

DESCRIPTION

       The project provides practical security hardening advice and also links it  to  compliance
       requirements   in   order  to  ease  deployment  activities,  such  as  certification  and
       accreditation. These include requirements in the U.S. government  (Federal,  Defense,  and
       Intelligence  Community)  as well as of the financial services and health care industries.
       For example, high-level and widely-accepted policies such as NIST  800-53  provides  prose
       stating that System Administrators must audit "privileged user actions," but do not define
       what "privileged actions"  are.  The  SSG  bridges  the  gap  between  generalized  policy
       requirements  and  specific implementation guidance, in SCAP formats to support automation
       whenever possible.

       The projects homepage  is  located  at:  https://www.open-scap.org/security-policies/scap-
       security-guide

Profiles in Guide to the Secure Configuration of Alibaba Cloud Linux 2

       Source Datastream:  ssg-alinux2-ds.xml

       The  Guide to the Secure Configuration of Alibaba Cloud Linux 2 is broken into 'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       CIS Aliyun Linux 2 Benchmark for Level 2

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2" configuration from the
              Center   for  Internet  Security®  Aliyun  Linux  2  Benchmark™,  v1.0.0,  released
              08-16-2019.

              This profile includes Center for Internet Security® Aliyun Linux 2 CIS  Benchmarks™
              content.

       CIS Aliyun Linux 2 Benchmark for Level 1

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_l1

              This profile defines a baseline that aligns to the "Level 1" configuration from the
              Center  for  Internet  Security®  Aliyun  Linux  2  Benchmark™,  v1.0.0,   released
              08-16-2019.

              This  profile includes Center for Internet Security® Aliyun Linux 2 CIS Benchmarks™
              content.

       Standard System Security Profile for Alibaba Cloud Linux 2

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of a Alibaba Cloud
              Linux  2  system.  Regardless  of your system's workload all of these checks should
              pass.

Profiles in Guide to the Secure Configuration of Alibaba Cloud Linux 3

       Source Datastream:  ssg-alinux3-ds.xml

       The Guide to the Secure Configuration of Alibaba Cloud Linux 3 is broken into  'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       CIS Benchmark for Alibaba Cloud Linux 3 for Level 2

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2" configuration from the
              Center for Internet Security® Alibaba Cloud Linux 3  Benchmark™,  v1.0.0,  released
              08-16-2019.

              This  profile  includes  Center  for  Internet  Security®  Alibaba  Cloud  Linux  3
              Benchmark™ content.

       CIS Benchmark for Alibaba Cloud Linux 3 for Level 1

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_l1

              This profile defines a baseline that aligns to the "Level 1" configuration from the
              Center  for  Internet  Security® Alibaba Cloud Linux 3 Benchmark™, v1.0.0, released
              08-16-2019.

              This  profile  includes  Center  for  Internet  Security®  Alibaba  Cloud  Linux  3
              Benchmark™ content.

       Standard System Security Profile for Alibaba Cloud Linux 3

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of a Alibaba Cloud
              Linux 3 system. Regardless of your system's workload all  of  these  checks  should
              pass.

Profiles in Guide to the Secure Configuration of Anolis OS 8

       Source Datastream:  ssg-anolis8-ds.xml

       The  Guide to the Secure Configuration of Anolis OS 8 is broken into 'profiles', groupings
       of security settings that correlate to a known policy. Available profiles are:

       Standard System Security Profile for Anolis OS 8

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of a Anolis  OS  8
              system.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 7

       Source Datastream:  ssg-centos7-ds.xml

       The  Guide  to  the  Secure  Configuration  of  Red  Hat Enterprise Linux 7 is broken into
       'profiles', groupings of security settings that correlate to  a  known  policy.  Available
       profiles are:

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Standard System Security Profile for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules  to  ensure  standard security baseline of a Red Hat
              Enterprise Linux 7 system. Regardless of your system's workload all of these checks
              should pass.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 8

       Source Datastream:  ssg-centos8-ds.xml

       The  Guide  to  the  Secure  Configuration  of  Red  Hat Enterprise Linux 8 is broken into
       'profiles', groupings of security settings that correlate to  a  known  policy.  Available
       profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  v1.2 at the
              enhanced hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This profile contains configurations that align to ANSSI-BP-028 v1.2  at  the  high
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  v1.2 at the
              intermediary hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2 - Server" configuration
              from the Center for Internet Security®  Red  Hat  Enterprise  Linux  8  Benchmark™,
              v2.0.0, released 2022-02-23.

              This  profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This profile defines a baseline that aligns to the "Level 1 - Server" configuration
              from  the  Center  for  Internet  Security®  Red Hat Enterprise Linux 8 Benchmark™,
              v2.0.0, released 2022-02-23.

              This profile includes Center for Internet Security® Red Hat Enterprise Linux 8  CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This  profile  defines  a  baseline  that  aligns  to  the  "Level 1 - Workstation"
              configuration from the Center for Internet Security® Red  Hat  Enterprise  Linux  8
              Benchmark™, v2.0.0, released 2022-02-23.

              This  profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This profile defines a  baseline  that  aligns  to  the  "Level  2  -  Workstation"
              configuration  from  the  Center  for Internet Security® Red Hat Enterprise Linux 8
              Benchmark™, v2.0.0, released 2022-02-23.

              This profile includes Center for Internet Security® Red Hat Enterprise Linux 8  CIS
              Benchmarks™ content.

       Criminal Justice Information Services (CJIS) Security Policy

              Profile ID:  xccdf_org.ssgproject.content_profile_cjis

              This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy
              can be found at the CJIS Security Policy Resource Center:

              https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

       Unclassified Information  in  Non-federal  Information  Systems  and  Organizations  (NIST
       800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From   NIST   800-171,  Section  2.2:  Security  requirements  for  protecting  the
              confidentiality of CUI in nonfederal information systems and organizations  have  a
              well-defined structure that consists of:

              (i)  a  basic  security  requirements section; (ii) a derived security requirements
              section.

              The basic security requirements are  obtained  from  FIPS  Publication  200,  which
              provides   the   high-level  and  fundamental  security  requirements  for  federal
              information and information  systems.  The  derived  security  requirements,  which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This profile configures Red Hat Enterprise Linux 8 to the NIST Special  Publication
              800-53 controls identified for securing Controlled Unclassified Information (CUI)."

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This  profile  contains  configuration  checks  for Red Hat Enterprise Linux 8 that
              align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A copy of the Essential Eight in Linux Environments guide can be found at the  ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained  by  a  covered  entity.  The   Security   Rule   requires   appropriate
              administrative,  physical  and  technical safeguards to ensure the confidentiality,
              integrity, and security of electronic protected health information.

              This profile configures Red Hat Enterprise Linux  8  to  the  HIPAA  Security  Rule
              identified  for  securing  of electronic protected health information.  Use of this
              profile in no way guarantees or makes claims against legal compliance  against  the
              HIPAA Security Rule(s).

       Australian Cyber Security Centre (ACSC) ISM Official

              Profile ID:  xccdf_org.ssgproject.content_profile_ism_o

              This  profile  contains  configuration  checks  for Red Hat Enterprise Linux 8 that
              align to the Australian Cyber Security Centre (ACSC)  Information  Security  Manual
              (ISM) with the applicability marking of OFFICIAL.

              The ISM uses a risk-based approach to cyber security. This profile provides a guide
              to aligning Red Hat Enterprise Linux security controls with the ISM, which  can  be
              used  to  select  controls  specific to an organisation's security posture and risk
              profile.

              A copy of the ISM can be found at the ACSC website:

              https://www.cyber.gov.au/ism

       Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile reflects mandatory  configuration  controls  identified  in  the  NIAP
              Configuration Annex to the Protection Profile for General Purpose Operating Systems
              (Protection Profile Version 4.2.1).

              This configuration profile is  consistent  with  CNSSI-1253,  which  requires  U.S.
              National   Security   Systems   to  adhere  to  certain  configuration  parameters.
              Accordingly, this configuration profile  is  suitable  for  use  in  U.S.  National
              Security Systems.

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)

              Profile ID:  xccdf_org.ssgproject.content_profile_rht-ccp

              This   profile  contains  the  minimum  security  relevant  configuration  settings
              recommended by Red Hat, Inc for Red Hat Enterprise Linux 8  instances  deployed  by
              Red Hat Certified Cloud Providers.

       Standard System Security Profile for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules  to  ensure  standard security baseline of a Red Hat
              Enterprise Linux 8 system. Regardless of your system's workload all of these checks
              should pass.

       DISA STIG for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  profile contains configuration checks that align to the DISA STIG for Red Hat
              Enterprise Linux 8 V1R8.

              In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
              configuration  baseline  as  applicable  to  the  operating  system tier of Red Hat
              technologies that are based on Red Hat Enterprise Linux 8, such as:

              - Red Hat Enterprise Linux Server  -  Red  Hat  Enterprise  Linux  Workstation  and
              Desktop  -  Red Hat Enterprise Linux for HPC - Red Hat Storage - Red Hat Containers
              with a Red Hat Enterprise Linux 8 image

       DISA STIG with GUI for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This profile contains configuration checks that align to the DISA STIG with GUI for
              Red Hat Enterprise Linux 8 V1R8.

              In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
              configuration baseline as applicable to  the  operating  system  tier  of  Red  Hat
              technologies that are based on Red Hat Enterprise Linux 8, such as:

              -  Red  Hat  Enterprise  Linux  Server  -  Red Hat Enterprise Linux Workstation and
              Desktop - Red Hat Enterprise Linux for HPC - Red Hat Storage - Red  Hat  Containers
              with a Red Hat Enterprise Linux 8 image

              Warning:  The  installation  and  use of a Graphical User Interface (GUI) increases
              your attack vector and decreases your overall security posture. If your Information
              Systems  Security  Officer  (ISSO) lacks a documented operational requirement for a
              graphical user interface, please consider using the standard DISA STIG for Red  Hat
              Enterprise Linux 8 profile.

Profiles in Guide to the Secure Configuration of Chromium

       Source Datastream:  ssg-chromium-ds.xml

       The  Guide to the Secure Configuration of Chromium is broken into 'profiles', groupings of
       security settings that correlate to a known policy. Available profiles are:

       Upstream STIG for Google Chromium

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This profile is developed under the DoD consensus model and DISA  FSO  Vendor  STIG
              process,  serving  as  the upstream development environment for the Google Chromium
              STIG.

              As a result of the upstream/downstream relationship between the SCAP Security Guide
              project  and  the  official  DISA  FSO  STIG baseline, users should expect variance
              between SSG and DISA FSO content.  For official DISA FSO  STIG  content,  refer  to
              https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security%2Cbrowser-
              guidance.

              While this profile is packaged by Red Hat  as  part  of  the  SCAP  Security  Guide
              package, please note that commercial support of this SCAP content is NOT available.
              This  profile  is  provided  as  example  SCAP  content  with  no  endorsement  for
              suitability  or  production  readiness. Support for this profile is provided by the
              upstream SCAP Security Guide community on a best-effort basis. The upstream project
              homepage is https://www.open-scap.org/security-policies/scap-security-guide/.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 9

       Source Datastream:  ssg-cs9-ds.xml

       The  Guide  to  the  Secure  Configuration  of  Red  Hat Enterprise Linux 9 is broken into
       'profiles', groupings of security settings that correlate to  a  known  policy.  Available
       profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This  profile  contains  configurations  that align to ANSSI-BP-028 at the enhanced
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This profile contains  configurations  that  align  to  ANSSI-BP-028  at  the  high
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains configurations that align to ANSSI-BP-028 at the intermediary
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align  to  ANSSI-BP-028  at  the  minimal
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This  is  a draft profile based on its RHEL8 version for experimental purposes.  It
              is not based on the CIS benchmark for RHEL9, because this one was not available  at
              time of the release.

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This  is  a draft profile based on its RHEL8 version for experimental purposes.  It
              is not based on the CIS benchmark for RHEL9, because this one was not available  at
              time of the release.

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This  is  a draft profile based on its RHEL8 version for experimental purposes.  It
              is not based on the CIS benchmark for RHEL9, because this one was not available  at
              time of the release.

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This  is  a draft profile based on its RHEL8 version for experimental purposes.  It
              is not based on the CIS benchmark for RHEL9, because this one was not available  at
              time of the release.

       [DRAFT]  Unclassified  Information  in  Non-federal  Information Systems and Organizations
       (NIST 800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From  NIST  800-171,  Section  2.2:  Security  requirements  for   protecting   the
              confidentiality  of  CUI in nonfederal information systems and organizations have a
              well-defined structure that consists of:

              (i) a basic security requirements section; (ii)  a  derived  security  requirements
              section.

              The  basic  security  requirements  are  obtained  from FIPS Publication 200, which
              provides  the  high-level  and  fundamental  security  requirements   for   federal
              information  and  information  systems.  The  derived  security requirements, which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This  profile configures Red Hat Enterprise Linux 9 to the NIST Special Publication
              800-53 controls identified for securing Controlled Unclassified Information (CUI)."

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This profile contains configuration checks for Red  Hat  Enterprise  Linux  9  that
              align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A  copy of the Essential Eight in Linux Environments guide can be found at the ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained   by   a   covered   entity.  The  Security  Rule  requires  appropriate
              administrative, physical and technical safeguards to  ensure  the  confidentiality,
              integrity, and security of electronic protected health information.

              This  profile  configures  Red  Hat  Enterprise  Linux 9 to the HIPAA Security Rule
              identified for securing of electronic protected health information.   Use  of  this
              profile  in  no way guarantees or makes claims against legal compliance against the
              HIPAA Security Rule(s).

       Australian Cyber Security Centre (ACSC) ISM Official

              Profile ID:  xccdf_org.ssgproject.content_profile_ism_o

              This profile contains configuration checks for Red  Hat  Enterprise  Linux  9  that
              align  to  the  Australian Cyber Security Centre (ACSC) Information Security Manual
              (ISM) with the applicability marking of OFFICIAL.

              The ISM uses a risk-based approach to cyber security. This profile provides a guide
              to  aligning  Red Hat Enterprise Linux security controls with the ISM, which can be
              used to select controls specific to an organisation's  security  posture  and  risk
              profile.

              A copy of the ISM can be found at the ACSC website:

              https://www.cyber.gov.au/ism

       Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This  profile  is  part  of  Red  Hat  Enterprise  Linux 9 Common Criteria Guidance
              documentation for Target of Evaluation based  on  Protection  Profile  for  General
              Purpose  Operating  Systems  (OSPP)  version  4.2.1  and Functional Package for SSH
              version 1.0.

              Where appropriate, CNSSI 1253 or DoD-specific values are  used  for  configuration,
              based on Configuration Annex to the OSPP.

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       [DRAFT] DISA STIG for Red Hat Enterprise Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  is  a draft profile based on its RHEL8 version for experimental purposes.  It
              is not based on the DISA STIG for RHEL9, because this one was not available at time
              of the release.

              In addition to being applicable to Red Hat Enterprise Linux 9, DISA recognizes this
              configuration baseline as applicable to  the  operating  system  tier  of  Red  Hat
              technologies that are based on Red Hat Enterprise Linux 9, such as:

              -  Red  Hat  Enterprise  Linux  Server  -  Red Hat Enterprise Linux Workstation and
              Desktop - Red Hat Enterprise Linux for HPC - Red Hat Storage - Red  Hat  Containers
              with a Red Hat Enterprise Linux 9 image

       [DRAFT] DISA STIG with GUI for Red Hat Enterprise Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This  is  a draft profile based on its RHEL8 version for experimental purposes.  It
              is not based on the DISA STIG for RHEL9, because this one was not available at time
              of the release.

              In addition to being applicable to Red Hat Enterprise Linux 9, DISA recognizes this
              configuration baseline as applicable to  the  operating  system  tier  of  Red  Hat
              technologies that are based on Red Hat Enterprise Linux 9, such as:

              -  Red  Hat  Enterprise  Linux  Server  -  Red Hat Enterprise Linux Workstation and
              Desktop - Red Hat Enterprise Linux for HPC - Red Hat Storage - Red  Hat  Containers
              with a Red Hat Enterprise Linux 9 image

              Warning:  The  installation  and  use of a Graphical User Interface (GUI) increases
              your attack vector and decreases your overall security posture. If your Information
              Systems  Security  Officer  (ISSO) lacks a documented operational requirement for a
              graphical user interface, please consider using the standard DISA STIG for Red  Hat
              Enterprise Linux 9 profile.

Profiles in Guide to the Secure Configuration of Debian 10

       Source Datastream:  ssg-debian10-ds.xml

       The Guide to the Secure Configuration of Debian 10 is broken into 'profiles', groupings of
       security settings that correlate to a known policy. Available profiles are:

       Profile for ANSSI DAT-NT28 Average (Intermediate) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_average

              This profile contains  items  for  GNU/Linux  installations  already  protected  by
              multiple higher level security stacks.

       Profile for ANSSI DAT-NT28 High (Enforced) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_high

              This   profile   contains  items  for  GNU/Linux  installations  storing  sensitive
              information that can be accessible from unauthenticated or uncontroled networks.

       Profile for ANSSI DAT-NT28 Minimal Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal

              This profile contains items to be applied systematically.

       Profile for ANSSI DAT-NT28 Restrictive Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive

              This profile contains items for GNU/Linux installations exposed to  unauthenticated
              flows or multiple sources.

       Standard System Security Profile for Debian 10

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules  to ensure standard security baseline of a Debian 10
              system. Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of Debian 11

       Source Datastream:  ssg-debian11-ds.xml

       The Guide to the Secure Configuration of Debian 11 is broken into 'profiles', groupings of
       security settings that correlate to a known policy. Available profiles are:

       Profile for ANSSI DAT-NT28 Average (Intermediate) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_average

              This  profile  contains  items  for  GNU/Linux  installations  already protected by
              multiple higher level security stacks.

       Profile for ANSSI DAT-NT28 High (Enforced) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_high

              This  profile  contains  items  for  GNU/Linux  installations   storing   sensitive
              information that can be accessible from unauthenticated or uncontroled networks.

       Profile for ANSSI DAT-NT28 Minimal Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal

              This profile contains items to be applied systematically.

       Profile for ANSSI DAT-NT28 Restrictive Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive

              This  profile contains items for GNU/Linux installations exposed to unauthenticated
              flows or multiple sources.

       Standard System Security Profile for Debian 11

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline  of  a  Debian  11
              system. Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of Amazon Elastic Kubernetes Service

       Source Datastream:  ssg-eks-ds.xml

       The  Guide to the Secure Configuration of Amazon Elastic Kubernetes Service is broken into
       'profiles', groupings of security settings that correlate to  a  known  policy.  Available
       profiles are:

       CIS Amazon Elastic Kubernetes Service (EKS) Benchmark - Node

              Profile ID:  xccdf_org.ssgproject.content_profile_cis-node

              This  profile  defines  a baseline that aligns to the Center for Internet Security®
              Amazon Elastic Kubernetes Service (EKS) Benchmark™, V1.0.1.

              This profile includes Center  for  Internet  Security®  Amazon  Elastic  Kubernetes
              Service (EKS)™ content.

              This profile is applicable to EKS 1.21 and greater.

       CIS Amazon Elastic Kubernetes Service Benchmark - Platform

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This  profile  defines  a baseline that aligns to the Center for Internet Security®
              Amazon Elastic Kubernetes Service (EKS) Benchmark™, V1.0.1.

              This profile includes Center  for  Internet  Security®  Amazon  Elastic  Kubernetes
              Service (EKS)™ content.

              This profile is applicable to EKS 1.21 and greater.

Profiles in Guide to the Secure Configuration of Fedora

       Source Datastream:  ssg-fedora-ds.xml

       The  Guide  to  the Secure Configuration of Fedora is broken into 'profiles', groupings of
       security settings that correlate to a known policy. Available profiles are:

       OSPP - Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile reflects mandatory  configuration  controls  identified  in  the  NIAP
              Configuration Annex to the Protection Profile for General Purpose Operating Systems
              (Protection Profile Version 4.2).

              As Fedora OS is moving target, this profile does not guarantee to provide  security
              levels  required  from US National Security Systems. Main goal of the profile is to
              provide Fedora developers with hardened environment similar to the one mandated  by
              US National Security Systems.

       PCI-DSS v3.2.1 Control Baseline for Fedora

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 related security configuration settings are applied.

       Standard System Security Profile for Fedora

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules  to  ensure  standard  security baseline of a Fedora
              system.  Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of Firefox

       Source Datastream:  ssg-firefox-ds.xml

       The Guide to the Secure Configuration of Firefox is broken into 'profiles',  groupings  of
       security settings that correlate to a known policy. Available profiles are:

       Mozilla Firefox STIG

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  profile  is  developed under the DoD consensus model and DISA FSO Vendor STIG
              process, serving as the upstream development environment for the Firefox STIG.

              As a result of the upstream/downstream relationship between the SCAP Security Guide
              project  and  the  official  DISA  FSO  STIG baseline, users should expect variance
              between SSG and DISA FSO content.  For official DISA FSO  STIG  content,  refer  to
              https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security%2Cbrowser-
              guidance.

              While this profile is packaged by Red Hat  as  part  of  the  SCAP  Security  Guide
              package, please note that commercial support of this SCAP content is NOT available.
              This  profile  is  provided  as  example  SCAP  content  with  no  endorsement  for
              suitability  or  production  readiness. Support for this profile is provided by the
              upstream SCAP Security Guide community on a best-effort basis. The upstream project
              homepage is https://www.open-scap.org/security-policies/scap-security-guide/.

Profiles in Guide to the Secure Configuration of Apple macOS 10.15

       Source Datastream:  ssg-macos1015-ds.xml

       The  Guide  to  the  Secure  Configuration of Apple macOS 10.15 is broken into 'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       NIST 800-53 Moderate-Impact Baseline for Apple macOS 10.15 Catalina

              Profile ID:  xccdf_org.ssgproject.content_profile_moderate

              This  compliance  profile  reflects  the  core  set  of  Moderate-Impact   Baseline
              configuration  settings  for  deployment  of  Apple  macOS 10.15 Catalina into U.S.
              Defense, Intelligence, and Civilian agencies.  Development  partners  and  sponsors
              include  the  U.S.  National  Institute  of  Standards  and Technology (NIST), U.S.
              Department of Defense, and the the National Security Agency.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for Moderate-Impact systems (NIST 800-53)

              For any differing configuration requirements, e.g. password lengths,  the  stricter
              security  setting  was  chosen. Security Requirement Traceability Guides (RTMs) and
              sample System Security Configuration Guides are  provided  via  the  scap-security-
              guide-docs package.

              This  profile  reflects  U.S. Government consensus content and is developed through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for  differences  in  formatting  to accommodate publishing processes, this profile
              mirrors ComplianceAsCode content as  minor  divergences,  such  as  bugfixes,  work
              through the consensus and release processes.

Profiles in Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

       Source Datastream:  ssg-ocp4-ds.xml

       The  Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4 is broken
       into 'profiles', groupings  of  security  settings  that  correlate  to  a  known  policy.
       Available profiles are:

       CIS Red Hat OpenShift Container Platform 4 Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis-node

              This  profile  defines  a baseline that aligns to the Center for Internet Security®
              Red Hat OpenShift Container Platform 4 Benchmark™, V1.1.

              This profile includes Center for Internet Security®  Red  Hat  OpenShift  Container
              Platform 4 CIS Benchmarks™ content.

              Note that this part of the profile is meant to run on the Operating System that Red
              Hat OpenShift Container Platform 4 runs on top of.

              This profile is applicable to OpenShift versions 4.6 and greater.

       CIS Red Hat OpenShift Container Platform 4 Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the Center  for  Internet  Security®
              Red Hat OpenShift Container Platform 4 Benchmark™, V1.1.

              This  profile  includes  Center  for Internet Security® Red Hat OpenShift Container
              Platform 4 CIS Benchmarks™ content.

              Note that this part of the profile is meant to run on the  Platform  that  Red  Hat
              OpenShift Container Platform 4 runs on top of.

              This profile is applicable to OpenShift versions 4.6 and greater.

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This profile contains configuration checks for Red Hat OpenShift Container Platform
              that align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A copy of the Essential Eight in Linux Environments guide can be found at the  ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       NIST 800-53 High-Impact Baseline for Red Hat OpenShift - Node level

              Profile ID:  xccdf_org.ssgproject.content_profile_high-node

              This compliance profile reflects the core set of High-Impact Baseline configuration
              settings  for deployment of Red Hat OpenShift Container Platform into U.S. Defense,
              Intelligence, and Civilian agencies.  Development partners and sponsors include the
              U.S.  National  Institute  of  Standards  and Technology (NIST), U.S. Department of
              Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for High-Impact systems (NIST 800-53)

              For any differing configuration requirements, e.g. password lengths,  the  stricter
              security  setting  was  chosen. Security Requirement Traceability Guides (RTMs) and
              sample System Security Configuration Guides are  provided  via  the  scap-security-
              guide-docs package.

              This  profile  reflects  U.S. Government consensus content and is developed through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for  differences  in  formatting  to accommodate publishing processes, this profile
              mirrors ComplianceAsCode content as  minor  divergences,  such  as  bugfixes,  work
              through the consensus and release processes.

       NIST 800-53 High-Impact Baseline for Red Hat OpenShift - Platform level

              Profile ID:  xccdf_org.ssgproject.content_profile_high

              This compliance profile reflects the core set of High-Impact Baseline configuration
              settings for deployment of Red Hat OpenShift Container Platform into U.S.  Defense,
              Intelligence, and Civilian agencies.  Development partners and sponsors include the
              U.S. National Institute of Standards and  Technology  (NIST),  U.S.  Department  of
              Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for High-Impact systems (NIST 800-53)

              For  any  differing configuration requirements, e.g. password lengths, the stricter
              security setting was chosen. Security Requirement Traceability  Guides  (RTMs)  and
              sample  System  Security  Configuration  Guides are provided via the scap-security-
              guide-docs package.

              This profile reflects U.S. Government consensus content and  is  developed  through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for differences in formatting to accommodate  publishing  processes,  this  profile
              mirrors  ComplianceAsCode  content  as  minor  divergences,  such as bugfixes, work
              through the consensus and release processes.

       NIST 800-53 Moderate-Impact Baseline for Red Hat OpenShift - Node level

              Profile ID:  xccdf_org.ssgproject.content_profile_moderate-node

              This  compliance  profile  reflects  the  core  set  of  Moderate-Impact   Baseline
              configuration  settings for deployment of Red Hat OpenShift Container Platform into
              U.S. Defense,  Intelligence,  and  Civilian  agencies.   Development  partners  and
              sponsors  include  the  U.S. National Institute of Standards and Technology (NIST),
              U.S. Department of Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for Moderate-Impact systems (NIST 800-53)

              For any differing configuration requirements, e.g. password lengths,  the  stricter
              security  setting  was  chosen. Security Requirement Traceability Guides (RTMs) and
              sample System Security Configuration Guides are  provided  via  the  scap-security-
              guide-docs package.

              This  profile  reflects  U.S. Government consensus content and is developed through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for  differences  in  formatting  to accommodate publishing processes, this profile
              mirrors ComplianceAsCode content as  minor  divergences,  such  as  bugfixes,  work
              through the consensus and release processes.

       NIST 800-53 Moderate-Impact Baseline for Red Hat OpenShift - Platform level

              Profile ID:  xccdf_org.ssgproject.content_profile_moderate

              This   compliance  profile  reflects  the  core  set  of  Moderate-Impact  Baseline
              configuration settings for deployment of Red Hat OpenShift Container Platform  into
              U.S.  Defense,  Intelligence,  and  Civilian  agencies.   Development  partners and
              sponsors include the U.S. National Institute of Standards  and  Technology  (NIST),
              U.S. Department of Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for Moderate-Impact systems (NIST 800-53)

              For  any  differing configuration requirements, e.g. password lengths, the stricter
              security setting was chosen. Security Requirement Traceability  Guides  (RTMs)  and
              sample  System  Security  Configuration  Guides are provided via the scap-security-
              guide-docs package.

              This profile reflects U.S. Government consensus content and  is  developed  through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for differences in formatting to accommodate  publishing  processes,  this  profile
              mirrors  ComplianceAsCode  content  as  minor  divergences,  such as bugfixes, work
              through the consensus and release processes.

       North American Electric Reliability Corporation (NERC) Critical Infrastructure  Protection
       (CIP)  cybersecurity standards profile for the Red Hat OpenShift Container Platform - Node
       level

              Profile ID:  xccdf_org.ssgproject.content_profile_nerc-cip-node

              This compliance profile reflects a set of security recommendations for the usage of
              Red  Hat  OpenShift  Container  Platform  in  critical infrastructure in the energy
              sector. This follows the recommendations coming from the following CIP standards:

              - CIP-002-5 - CIP-003-8 - CIP-004-6 - CIP-005-6 - CIP-007-3 - CIP-007-6 - CIP-009-6

       North American Electric Reliability Corporation (NERC) Critical Infrastructure  Protection
       (CIP)  cybersecurity  standards  profile  for  the  Red Hat OpenShift Container Platform -
       Platform level

              Profile ID:  xccdf_org.ssgproject.content_profile_nerc-cip

              This compliance profile reflects a set of security recommendations for the usage of
              Red  Hat  OpenShift  Container  Platform  in  critical infrastructure in the energy
              sector. This follows the recommendations coming from the following CIP standards:

              - CIP-002-5 - CIP-003-8 - CIP-004-6 - CIP-005-6 - CIP-007-3 - CIP-007-6 - CIP-009-6

       PCI-DSS v3.2.1 Control Baseline for Red Hat OpenShift Container Platform 4

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss-node

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       PCI-DSS v3.2.1 Control Baseline for Red Hat OpenShift Container Platform 4

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

Profiles in Guide to the Secure Configuration of Oracle Linux 7

       Source Datastream:  ssg-ol7-ds.xml

       The Guide to the Secure Configuration  of  Oracle  Linux  7  is  broken  into  'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_enhanced

              This  profile  contains  configurations  that align to ANSSI-BP-028 at the enhanced
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       DRAFT - ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_high

              This profile contains  configurations  that  align  to  ANSSI-BP-028  at  the  high
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_intermediary

              This profile contains configurations that align to ANSSI-BP-028 at the intermediary
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_minimal

              This profile contains configurations that align  to  ANSSI-BP-028  at  the  minimal
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       Criminal Justice Information Services (CJIS) Security Policy

              Profile ID:  xccdf_org.ssgproject.content_profile_cjis

              This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy
              can be found at the CJIS Security Policy Resource Center:

              https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

       Unclassified Information  in  Non-federal  Information  Systems  and  Organizations  (NIST
       800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From   NIST   800-171,  Section  2.2:  Security  requirements  for  protecting  the
              confidentiality of CUI in non-federal information systems and organizations have  a
              well-defined structure that consists of:

              (i)  a  basic  security  requirements section; (ii) a derived security requirements
              section.

              The basic security requirements are  obtained  from  FIPS  Publication  200,  which
              provides   the   high-level  and  fundamental  security  requirements  for  federal
              information and information  systems.  The  derived  security  requirements,  which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This profile configures Oracle Linux 7  to  the  NIST  Special  Publication  800-53
              controls identified for securing Controlled Unclassified Information (CUI).

       [DRAFT] Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This  profile  contains  configuration  checks for Oracle Linux 7 that align to the
              Australian Cyber Security Centre (ACSC) Essential Eight.

              A copy of the Essential Eight in Linux Environments guide can be found at the  ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained  by  a  covered  entity.  The   Security   Rule   requires   appropriate
              administrative,  physical  and  technical safeguards to ensure the confidentiality,
              integrity, and security of electronic protected health information.

              This profile configures Oracle Linux 7 to the HIPAA Security  Rule  identified  for
              securing of electronic protected health information.  Use of this profile in no way
              guarantees or makes claims against legal  compliance  against  the  HIPAA  Security
              Rule(s).

       NIST National Checklist Program Security Guide

              Profile ID:  xccdf_org.ssgproject.content_profile_ncp

              This  compliance  profile  reflects  the core set of security related configuration
              settings for deployment of Oracle Linux 7 into  U.S.   Defense,  Intelligence,  and
              Civilian  agencies.  Development  partners  and  sponsors include the U.S. National
              Institute of Standards and Technology  (NIST),  U.S.  Department  of  Defense,  the
              National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              -  Committee  on National Security Systems Instruction No. 1253 (CNSSI 1253) - NIST
              Controlled Unclassified Information (NIST 800-171) - NIST 800-53 control selections
              for  MODERATE impact systems (NIST 800-53) - U.S. Government Configuration Baseline
              (USGCB) - NIAP Protection Profile for  General  Purpose  Operating  Systems  v4.2.1
              (OSPP v4.2.1) - DISA Operating System Security Requirements Guide (OS SRG)

              For  any  differing configuration requirements, e.g. password lengths, the stricter
              security setting was chosen. Security Requirement Traceability  Guides  (RTMs)  and
              sample  System  Security  Configuration  Guides are provided via the scap-security-
              guide-docs package.

              This profile reflects U.S. Government consensus content and  is  developed  through
              the  OpenSCAP/SCAP  Security  Guide initiative, championed by the National Security
              Agency. Except for differences in formatting to accommodate  publishing  processes,
              this  profile  mirrors  OpenSCAP/SCAP  Security Guide content as minor divergences,
              such as bugfixes, work through the consensus and release processes.

       [DRAFT] Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile reflects mandatory  configuration  controls  identified  in  the  NIAP
              Configuration Annex to the Protection Profile for General Purpose Operating Systems
              (Protection Profile Version 4.2.1).

              This configuration profile is  consistent  with  CNSSI-1253,  which  requires  U.S.
              National   Security   Systems   to  adhere  to  certain  configuration  parameters.
              Accordingly, this configuration profile  is  suitable  for  use  in  U.S.  National
              Security Systems.

       PCI-DSS v3.2.1 Control Baseline Draft for Oracle Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 related security configuration settings are applied.

       Security Profile of Oracle Linux 7 for SAP

              Profile ID:  xccdf_org.ssgproject.content_profile_sap

              This  profile contains rules for Oracle Linux 7 Operating System in compliance with
              SAP note 2069760 and SAP Security  Baseline  Template  version  1.9  Item  I-8  and
              section  4.1.2.2.   Regardless of your system's workload all of these checks should
              pass.

       Standard System Security Profile for Oracle Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of Oracle Linux  7
              system. Regardless of your system's workload all of these checks should pass.

       DISA STIG for Oracle Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  profile  contains configuration checks that align to the DISA STIG for Oracle
              Linux V2R8.

       DISA STIG with GUI for Oracle Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This profile contains configuration checks that align to the DISA STIG with GUI for
              Oracle Linux V2R8.

              Warning:  The  installation  and  use of a Graphical User Interface (GUI) increases
              your attack vector and decreases your overall security posture. If your Information
              Systems  Security  Officer  (ISSO) lacks a documented operational requirement for a
              graphical user interface, please consider using the standard DISA STIG  for  Oracle
              Linux 7 profile.

Profiles in Guide to the Secure Configuration of Oracle Linux 8

       Source Datastream:  ssg-ol8-ds.xml

       The  Guide  to  the  Secure  Configuration  of  Oracle  Linux 8 is broken into 'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This profile contains  configurations  that  align  to  ANSSI-BP-028  v1.2  at  the
              enhanced hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This  profile  contains  configurations that align to ANSSI-BP-028 v1.2 at the high
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains  configurations  that  align  to  ANSSI-BP-028  v1.2  at  the
              intermediary hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       Criminal Justice Information Services (CJIS) Security Policy

              Profile ID:  xccdf_org.ssgproject.content_profile_cjis

              This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy
              can be found at the CJIS Security Policy Resource Center:

              https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

       Unclassified  Information  in  Non-federal  Information  Systems  and  Organizations (NIST
       800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From  NIST  800-171,  Section  2.2:  Security  requirements  for   protecting   the
              confidentiality  of CUI in non-federal information systems and organizations have a
              well-defined structure that consists of:

              (i) a basic security requirements section; (ii)  a  derived  security  requirements
              section.

              The  basic  security  requirements  are  obtained  from FIPS Publication 200, which
              provides  the  high-level  and  fundamental  security  requirements   for   federal
              information  and  information  systems.  The  derived  security requirements, which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This  profile  configures  Oracle  Linux  8  to the NIST Special Publication 800-53
              controls identified for securing Controlled Unclassified Information (CUI).

       [DRAFT] Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This profile contains configuration checks for Oracle Linux 8  that  align  to  the
              Australian Cyber Security Centre (ACSC) Essential Eight.

              A  copy of the Essential Eight in Linux Environments guide can be found at the ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained   by   a   covered   entity.  The  Security  Rule  requires  appropriate
              administrative, physical and technical safeguards to  ensure  the  confidentiality,
              integrity, and security of electronic protected health information.

              This  profile  configures  Oracle Linux 8 to the HIPAA Security Rule identified for
              securing of electronic protected health information.  Use of this profile in no way
              guarantees  or  makes  claims  against  legal compliance against the HIPAA Security
              Rule(s).

       [DRAFT] Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile reflects mandatory  configuration  controls  identified  in  the  NIAP
              Configuration Annex to the Protection Profile for General Purpose Operating Systems
              (Protection Profile Version 4.2.1).

              This configuration profile is  consistent  with  CNSSI-1253,  which  requires  U.S.
              National   Security   Systems   to  adhere  to  certain  configuration  parameters.
              Accordingly, this configuration profile  is  suitable  for  use  in  U.S.  National
              Security Systems.

       PCI-DSS v3.2.1 Control Baseline Draft for Oracle Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 related security configuration settings are applied.

       Standard System Security Profile for Oracle Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile contains rules to ensure standard security baseline of Oracle Linux 8
              system. Regardless of your system's workload all of these checks should pass.

       DISA STIG for Oracle Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This profile contains configuration checks that align to the DISA STIG  for  Oracle
              Linux 8 V1R3.

       DISA STIG with GUI for Oracle Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This profile contains configuration checks that align to the DISA STIG with GUI for
              Oracle Linux V1R3.

              Warning: The installation and use of a Graphical  User  Interface  (GUI)  increases
              your attack vector and decreases your overall security posture. If your Information
              Systems Security Officer (ISSO) lacks a documented operational  requirement  for  a
              graphical  user  interface, please consider using the standard DISA STIG for Oracle
              Linux 8 profile.

Profiles in Guide to the Secure Configuration of Oracle Linux 9

       Source Datastream:  ssg-ol9-ds.xml

       The Guide to the Secure Configuration  of  Oracle  Linux  9  is  broken  into  'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This  profile  contains  configurations  that align to ANSSI-BP-028 at the enhanced
              hardening level. ANSSI is the French  National  Information  Security  Agency,  and
              stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028
              is a configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This profile contains  configurations  that  align  to  ANSSI-BP-028  at  the  high
              hardening  level.  ANSSI  is  the  French National Information Security Agency, and
              stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028
              is a configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains configurations that align to ANSSI-BP-028 at the intermediary
              hardening level. ANSSI is the French  National  Information  Security  Agency,  and
              stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028
              is a configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align  to  ANSSI-BP-028  at  the  minimal
              hardening  level.  ANSSI  is  the  French National Information Security Agency, and
              stands for Agence nationale de la sécurité des systèmes d'information. ANSSI-BP-028
              is a configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       [DRAFT]  Unclassified  Information  in  Non-federal  Information Systems and Organizations
       (NIST 800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From  NIST  800-171,  Section  2.2:  Security  requirements  for   protecting   the
              confidentiality  of  CUI in nonfederal information systems and organizations have a
              well-defined structure that consists of:

              (i) a basic security requirements section; (ii)  a  derived  security  requirements
              section.

              The  basic  security  requirements  are  obtained  from FIPS Publication 200, which
              provides  the  high-level  and  fundamental  security  requirements   for   federal
              information  and  information  systems.  The  derived  security requirements, which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This  profile  configures  Oracle  Linux  9  to the NIST Special Publication 800-53
              controls identified for securing Controlled Unclassified Information (CUI)."

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This profile contains configuration checks for Oracle Linux 9  that  align  to  the
              Australian Cyber Security Centre (ACSC) Essential Eight.

              A  copy of the Essential Eight in Linux Environments guide can be found at the ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained   by   a   covered   entity.  The  Security  Rule  requires  appropriate
              administrative, physical and technical safeguards to  ensure  the  confidentiality,
              integrity, and security of electronic protected health information.

              This  profile  configures  Oracle Linux 9 to the HIPAA Security Rule identified for
              securing of electronic protected health information.  Use of this profile in no way
              guarantees  or  makes  claims  against  legal compliance against the HIPAA Security
              Rule(s).

       [DRAFT] Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile is part of Oracle Linux 9 Common Criteria Guidance  documentation  for
              Target  of  Evaluation  based  on  Protection Profile for General Purpose Operating
              Systems (OSPP) version 4.2.1 and Functional Package for SSH version 1.0.

              Where appropriate, CNSSI 1253 or DoD-specific values are  used  for  configuration,
              based on Configuration Annex to the OSPP.

       PCI-DSS v3.2.1 Control Baseline for Oracle Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Standard System Security Profile for Oracle Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile contains rules to ensure standard security baseline of Oracle Linux 9
              system. Regardless of your system's workload all of these checks should pass.

       [DRAFT] DISA STIG for Oracle Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This is a draft profile based on its OL8 version for experimental purposes.  It  is
              not  based  on the DISA STIG for OL9, because this one was not available at time of
              the release.

       [DRAFT] DISA STIG with GUI for Oracle Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This is a draft profile based on its OL8 version for experimental purposes.  It  is
              not  based  on the DISA STIG for OL9, because this one was not available at time of
              the release.

              Warning: The installation and use of a Graphical  User  Interface  (GUI)  increases
              your attack vector and decreases your overall security posture. If your Information
              Systems Security Officer (ISSO) lacks a documented operational  requirement  for  a
              graphical  user  interface, please consider using the standard DISA STIG for Oracle
              Linux 9 profile.

Profiles in Guide to the Secure Configuration of openSUSE

       Source Datastream:  ssg-opensuse-ds.xml

       The Guide to the Secure Configuration of openSUSE is broken into 'profiles', groupings  of
       security settings that correlate to a known policy. Available profiles are:

       Standard System Security Profile for openSUSE

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules  to ensure standard security baseline of an openSUSE
              system. Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4

       Source Datastream:  ssg-rhcos4-ds.xml

       The Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4 is broken  into
       'profiles',  groupings  of  security  settings that correlate to a known policy. Available
       profiles are:

       DRAFT - ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This profile contains configurations that align to  ANSSI-BP-028  at  the  enhanced
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       DRAFT - ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  at the high
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       DRAFT - ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains configurations that align to ANSSI-BP-028 at the intermediary
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       DRAFT - ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This  profile  contains  configurations  that  align to ANSSI-BP-028 at the minimal
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This profile contains configuration checks for Red Hat Enterprise Linux CoreOS that
              align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A  copy of the Essential Eight in Linux Environments guide can be found at the ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       NIST 800-53 High-Impact Baseline for Red Hat Enterprise Linux CoreOS

              Profile ID:  xccdf_org.ssgproject.content_profile_high

              This compliance profile reflects the core set of High-Impact Baseline configuration
              settings for deployment of Red Hat  Enterprise  Linux  CoreOS  into  U.S.  Defense,
              Intelligence, and Civilian agencies.  Development partners and sponsors include the
              U.S. National Institute of Standards and  Technology  (NIST),  U.S.  Department  of
              Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for High-Impact systems (NIST 800-53)

              For  any  differing configuration requirements, e.g. password lengths, the stricter
              security setting was chosen. Security Requirement Traceability  Guides  (RTMs)  and
              sample  System  Security  Configuration  Guides are provided via the scap-security-
              guide-docs package.

              This profile reflects U.S. Government consensus content and  is  developed  through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for differences in formatting to accommodate  publishing  processes,  this  profile
              mirrors  ComplianceAsCode  content  as  minor  divergences,  such as bugfixes, work
              through the consensus and release processes.

       NIST 800-53 Moderate-Impact Baseline for Red Hat Enterprise Linux CoreOS

              Profile ID:  xccdf_org.ssgproject.content_profile_moderate

              This  compliance  profile  reflects  the  core  set  of  Moderate-Impact   Baseline
              configuration  settings for deployment of Red Hat Enterprise Linux CoreOS into U.S.
              Defense, Intelligence, and Civilian agencies.  Development  partners  and  sponsors
              include  the  U.S.  National  Institute  of  Standards  and Technology (NIST), U.S.
              Department of Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - NIST 800-53 control selections for Moderate-Impact systems (NIST 800-53)

              For any differing configuration requirements, e.g. password lengths,  the  stricter
              security  setting  was  chosen. Security Requirement Traceability Guides (RTMs) and
              sample System Security Configuration Guides are  provided  via  the  scap-security-
              guide-docs package.

              This  profile  reflects  U.S. Government consensus content and is developed through
              the ComplianceAsCode initiative, championed by the National Security Agency. Except
              for  differences  in  formatting  to accommodate publishing processes, this profile
              mirrors ComplianceAsCode content as  minor  divergences,  such  as  bugfixes,  work
              through the consensus and release processes.

       North  American Electric Reliability Corporation (NERC) Critical Infrastructure Protection
       (CIP) cybersecurity standards profile for Red Hat Enterprise Linux CoreOS

              Profile ID:  xccdf_org.ssgproject.content_profile_nerc-cip

              This compliance profile reflects a set of security recommendations for the usage of
              Red  Hat  Enterprise  Linux CoreOS in critical infrastructure in the energy sector.
              This follows the recommendations coming from the following CIP standards:

              - CIP-002-5 - CIP-003-8 - CIP-004-6 - CIP-005-6 - CIP-007-3 - CIP-007-6 - CIP-009-6

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 7

       Source Datastream:  ssg-rhel7-ds.xml

       The Guide to the Secure Configuration of  Red  Hat  Enterprise  Linux  7  is  broken  into
       'profiles',  groupings  of  security  settings that correlate to a known policy. Available
       profiles are:

       C2S for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_C2S

              This profile demonstrates compliance against the U.S. Government  Commercial  Cloud
              Services (C2S) baseline.

              This  baseline  was  inspired  by  the  Center  for Internet Security (CIS) Red Hat
              Enterprise Linux 7 Benchmark, v2.1.1 - 01-31-2017.

              For the SCAP Security Guide project to remain in compliance  with  CIS'  terms  and
              conditions,  specifically Restrictions(8), note there is no representation or claim
              that the C2S profile will ensure a system is in compliance or consistency with  the
              CIS baseline.

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_enhanced

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  v1.2 at the
              enhanced hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_high

              This profile contains configurations that align to ANSSI-BP-028 v1.2  at  the  high
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_intermediary

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  v1.2 at the
              intermediary hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_nt28_minimal

              This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2 - Server" configuration
              from the Center for Internet Security®  Red  Hat  Enterprise  Linux  7  Benchmark™,
              v3.1.1, released 05-21-2021.

              This  profile includes Center for Internet Security® Red Hat Enterprise Linux 7 CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This profile defines a baseline that aligns to the "Level 1 - Server" configuration
              from  the  Center  for  Internet  Security®  Red Hat Enterprise Linux 7 Benchmark™,
              v3.1.1, released 05-21-2021.

              This profile includes Center for Internet Security® Red Hat Enterprise Linux 7  CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This  profile  defines  a  baseline  that  aligns  to  the  "Level 1 - Workstation"
              configuration from the Center for Internet Security® Red  Hat  Enterprise  Linux  7
              Benchmark™, v3.1.1, released 05-21-2021.

              This  profile includes Center for Internet Security® Red Hat Enterprise Linux 7 CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This profile defines a  baseline  that  aligns  to  the  "Level  2  -  Workstation"
              configuration  from  the  Center  for Internet Security® Red Hat Enterprise Linux 7
              Benchmark™, v3.1.1, released 05-21-2021.

              This profile includes Center for Internet Security® Red Hat Enterprise Linux 7  CIS
              Benchmarks™ content.

       Criminal Justice Information Services (CJIS) Security Policy

              Profile ID:  xccdf_org.ssgproject.content_profile_cjis

              This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy
              can be found at the CJIS Security Policy Resource Center:

              https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

       Unclassified Information  in  Non-federal  Information  Systems  and  Organizations  (NIST
       800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From   NIST   800-171,  Section  2.2:  Security  requirements  for  protecting  the
              confidentiality of CUI in non-federal information systems and organizations have  a
              well-defined structure that consists of:

              (i)  a  basic  security  requirements section; (ii) a derived security requirements
              section.

              The basic security requirements are  obtained  from  FIPS  Publication  200,  which
              provides   the   high-level  and  fundamental  security  requirements  for  federal
              information and information  systems.  The  derived  security  requirements,  which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This profile configures Red Hat Enterprise Linux 7 to the NIST Special  Publication
              800-53 controls identified for securing Controlled Unclassified Information (CUI).

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This  profile  contains  configuration  checks  for Red Hat Enterprise Linux 7 that
              align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A copy of the Essential Eight in Linux Environments guide can be found at the  ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained  by  a  covered  entity.  The   Security   Rule   requires   appropriate
              administrative,  physical  and  technical safeguards to ensure the confidentiality,
              integrity, and security of electronic protected health information.

              This profile configures Red Hat Enterprise Linux  7  to  the  HIPAA  Security  Rule
              identified  for  securing  of electronic protected health information.  Use of this
              profile in no way guarantees or makes claims against legal compliance  against  the
              HIPAA Security Rule(s).

       NIST National Checklist Program Security Guide

              Profile ID:  xccdf_org.ssgproject.content_profile_ncp

              This  compliance  profile  reflects  the core set of security related configuration
              settings for deployment  of  Red  Hat  Enterprise  Linux  7.x  into  U.S.  Defense,
              Intelligence, and Civilian agencies.  Development partners and sponsors include the
              U.S. National Institute of Standards and  Technology  (NIST),  U.S.  Department  of
              Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              -  Committee  on National Security Systems Instruction No. 1253 (CNSSI 1253) - NIST
              Controlled Unclassified Information (NIST 800-171) - NIST 800-53 control selections
              for  MODERATE impact systems (NIST 800-53) - U.S. Government Configuration Baseline
              (USGCB) - NIAP Protection Profile for  General  Purpose  Operating  Systems  v4.2.1
              (OSPP v4.2.1) - DISA Operating System Security Requirements Guide (OS SRG)

              For  any  differing configuration requirements, e.g. password lengths, the stricter
              security setting was chosen. Security Requirement Traceability  Guides  (RTMs)  and
              sample  System  Security  Configuration  Guides are provided via the scap-security-
              guide-docs package.

              This profile reflects U.S. Government consensus content and  is  developed  through
              the  OpenSCAP/SCAP  Security  Guide initiative, championed by the National Security
              Agency. Except for differences in formatting to accommodate  publishing  processes,
              this  profile  mirrors  OpenSCAP/SCAP  Security Guide content as minor divergences,
              such as bugfixes, work through the consensus and release processes.

       OSPP - Protection Profile for General Purpose Operating Systems v4.2.1

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile reflects mandatory  configuration  controls  identified  in  the  NIAP
              Configuration Annex to the Protection Profile for General Purpose Operating Systems
              (Protection Profile Version 4.2.1).

              This configuration profile is  consistent  with  CNSSI-1253,  which  requires  U.S.
              National   Security   Systems   to  adhere  to  certain  configuration  parameters.
              Accordingly, this configuration profile  is  suitable  for  use  in  U.S.  National
              Security Systems.

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       RHV hardening based on STIG for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_rhelh-stig

              This  profile contains configuration checks for Red Hat Virtualization based on the
              the DISA STIG for Red Hat Enterprise Linux 7.

       VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Virtualization

              Profile ID:  xccdf_org.ssgproject.content_profile_rhelh-vpp

              This compliance profile reflects the core set  of  security  related  configuration
              settings  for  deployment  of  Red Hat Enterprise Linux Hypervisor (RHELH) 7.x into
              U.S. Defense,  Intelligence,  and  Civilian  agencies.   Development  partners  and
              sponsors  include  the  U.S. National Institute of Standards and Technology (NIST),
              U.S. Department of Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              - Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)  -  NIST
              800-53  control  selections  for  MODERATE  impact  systems  (NIST  800-53)  - U.S.
              Government  Configuration  Baseline  (USGCB)  -   NIAP   Protection   Profile   for
              Virtualization v1.0 (VPP v1.0)

              For  any  differing configuration requirements, e.g. password lengths, the stricter
              security setting was chosen. Security Requirement Traceability  Guides  (RTMs)  and
              sample  System  Security  Configuration  Guides are provided via the scap-security-
              guide-docs package.

              This profile reflects U.S. Government consensus content and  is  developed  through
              the  ComplianceAsCode  project,  championed by the National Security Agency. Except
              for differences in formatting to accommodate  publishing  processes,  this  profile
              mirrors  ComplianceAsCode  content  as  minor  divergences,  such as bugfixes, work
              through the consensus and release processes.

       Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)

              Profile ID:  xccdf_org.ssgproject.content_profile_rht-ccp

              This  profile  contains  the  minimum  security  relevant  configuration   settings
              recommended  by  Red  Hat, Inc for Red Hat Enterprise Linux 7 instances deployed by
              Red Hat Certified Cloud Providers.

       Standard System Security Profile for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard  security  baseline  of  a  Red  Hat
              Enterprise Linux 7 system. Regardless of your system's workload all of these checks
              should pass.

       DISA STIG for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This profile contains configuration checks that align to the DISA STIG for Red  Hat
              Enterprise Linux V3R9.

              In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
              configuration baseline as applicable to  the  operating  system  tier  of  Red  Hat
              technologies that are based on Red Hat Enterprise Linux 7, such as:

              -  Red  Hat  Enterprise  Linux  Server  -  Red Hat Enterprise Linux Workstation and
              Desktop - Red Hat Enterprise Linux for HPC - Red Hat Storage - Red  Hat  Containers
              with a Red Hat Enterprise Linux 7 image

       DISA STIG with GUI for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This profile contains configuration checks that align to the DISA STIG with GUI for
              Red Hat Enterprise Linux V3R9.

              In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
              configuration  baseline  as  applicable  to  the  operating  system tier of Red Hat
              technologies that are based on Red Hat Enterprise Linux 7, such as:

              - Red Hat Enterprise Linux Server  -  Red  Hat  Enterprise  Linux  Workstation  and
              Desktop  -  Red Hat Enterprise Linux for HPC - Red Hat Storage - Red Hat Containers
              with a Red Hat Enterprise Linux 7 image

              Warning: The installation and use of a Graphical  User  Interface  (GUI)  increases
              your attack vector and decreases your overall security posture. If your Information
              Systems Security Officer (ISSO) lacks a documented operational  requirement  for  a
              graphical  user interface, please consider using the standard DISA STIG for Red Hat
              Enterprise Linux 7 profile.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 8

       Source Datastream:  ssg-rhel8-ds.xml

       The Guide to the Secure Configuration of  Red  Hat  Enterprise  Linux  8  is  broken  into
       'profiles',  groupings  of  security  settings that correlate to a known policy. Available
       profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This profile contains  configurations  that  align  to  ANSSI-BP-028  v1.2  at  the
              enhanced hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This  profile  contains  configurations that align to ANSSI-BP-028 v1.2 at the high
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains  configurations  that  align  to  ANSSI-BP-028  v1.2  at  the
              intermediary hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2 - Server" configuration
              from  the  Center  for  Internet  Security®  Red Hat Enterprise Linux 8 Benchmark™,
              v2.0.0, released 2022-02-23.

              This profile includes Center for Internet Security® Red Hat Enterprise Linux 8  CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This profile defines a baseline that aligns to the "Level 1 - Server" configuration
              from the Center for Internet Security®  Red  Hat  Enterprise  Linux  8  Benchmark™,
              v2.0.0, released 2022-02-23.

              This  profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This profile defines a  baseline  that  aligns  to  the  "Level  1  -  Workstation"
              configuration  from  the  Center  for Internet Security® Red Hat Enterprise Linux 8
              Benchmark™, v2.0.0, released 2022-02-23.

              This profile includes Center for Internet Security® Red Hat Enterprise Linux 8  CIS
              Benchmarks™ content.

       CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This  profile  defines  a  baseline  that  aligns  to  the  "Level 2 - Workstation"
              configuration from the Center for Internet Security® Red  Hat  Enterprise  Linux  8
              Benchmark™, v2.0.0, released 2022-02-23.

              This  profile includes Center for Internet Security® Red Hat Enterprise Linux 8 CIS
              Benchmarks™ content.

       Criminal Justice Information Services (CJIS) Security Policy

              Profile ID:  xccdf_org.ssgproject.content_profile_cjis

              This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy
              can be found at the CJIS Security Policy Resource Center:

              https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

       Unclassified  Information  in  Non-federal  Information  Systems  and  Organizations (NIST
       800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From  NIST  800-171,  Section  2.2:  Security  requirements  for   protecting   the
              confidentiality  of  CUI in nonfederal information systems and organizations have a
              well-defined structure that consists of:

              (i) a basic security requirements section; (ii)  a  derived  security  requirements
              section.

              The  basic  security  requirements  are  obtained  from FIPS Publication 200, which
              provides  the  high-level  and  fundamental  security  requirements   for   federal
              information  and  information  systems.  The  derived  security requirements, which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This  profile configures Red Hat Enterprise Linux 8 to the NIST Special Publication
              800-53 controls identified for securing Controlled Unclassified Information (CUI)."

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This profile contains configuration checks for Red  Hat  Enterprise  Linux  8  that
              align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A  copy of the Essential Eight in Linux Environments guide can be found at the ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained   by   a   covered   entity.  The  Security  Rule  requires  appropriate
              administrative, physical and technical safeguards to  ensure  the  confidentiality,
              integrity, and security of electronic protected health information.

              This  profile  configures  Red  Hat  Enterprise  Linux 8 to the HIPAA Security Rule
              identified for securing of electronic protected health information.   Use  of  this
              profile  in  no way guarantees or makes claims against legal compliance against the
              HIPAA Security Rule(s).

       Australian Cyber Security Centre (ACSC) ISM Official

              Profile ID:  xccdf_org.ssgproject.content_profile_ism_o

              This profile contains configuration checks for Red  Hat  Enterprise  Linux  8  that
              align  to  the  Australian Cyber Security Centre (ACSC) Information Security Manual
              (ISM) with the applicability marking of OFFICIAL.

              The ISM uses a risk-based approach to cyber security. This profile provides a guide
              to  aligning  Red Hat Enterprise Linux security controls with the ISM, which can be
              used to select controls specific to an organisation's  security  posture  and  risk
              profile.

              A copy of the ISM can be found at the ACSC website:

              https://www.cyber.gov.au/ism

       Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This  profile  reflects  mandatory  configuration  controls  identified in the NIAP
              Configuration Annex to the Protection Profile for General Purpose Operating Systems
              (Protection Profile Version 4.2.1).

              This  configuration  profile  is  consistent  with  CNSSI-1253, which requires U.S.
              National  Security  Systems  to  adhere  to   certain   configuration   parameters.
              Accordingly,  this  configuration  profile  is  suitable  for  use in U.S. National
              Security Systems.

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)

              Profile ID:  xccdf_org.ssgproject.content_profile_rht-ccp

              This  profile  contains  the  minimum  security  relevant  configuration   settings
              recommended  by  Red  Hat, Inc for Red Hat Enterprise Linux 8 instances deployed by
              Red Hat Certified Cloud Providers.

       Standard System Security Profile for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard  security  baseline  of  a  Red  Hat
              Enterprise Linux 8 system. Regardless of your system's workload all of these checks
              should pass.

       DISA STIG for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This profile contains configuration checks that align to the DISA STIG for Red  Hat
              Enterprise Linux 8 V1R8.

              In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
              configuration baseline as applicable to  the  operating  system  tier  of  Red  Hat
              technologies that are based on Red Hat Enterprise Linux 8, such as:

              -  Red  Hat  Enterprise  Linux  Server  -  Red Hat Enterprise Linux Workstation and
              Desktop - Red Hat Enterprise Linux for HPC - Red Hat Storage - Red  Hat  Containers
              with a Red Hat Enterprise Linux 8 image

       DISA STIG with GUI for Red Hat Enterprise Linux 8

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This profile contains configuration checks that align to the DISA STIG with GUI for
              Red Hat Enterprise Linux 8 V1R8.

              In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
              configuration  baseline  as  applicable  to  the  operating  system tier of Red Hat
              technologies that are based on Red Hat Enterprise Linux 8, such as:

              - Red Hat Enterprise Linux Server  -  Red  Hat  Enterprise  Linux  Workstation  and
              Desktop  -  Red Hat Enterprise Linux for HPC - Red Hat Storage - Red Hat Containers
              with a Red Hat Enterprise Linux 8 image

              Warning: The installation and use of a Graphical  User  Interface  (GUI)  increases
              your attack vector and decreases your overall security posture. If your Information
              Systems Security Officer (ISSO) lacks a documented operational  requirement  for  a
              graphical  user interface, please consider using the standard DISA STIG for Red Hat
              Enterprise Linux 8 profile.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 9

       Source Datastream:  ssg-rhel9-ds.xml

       The Guide to the Secure Configuration of  Red  Hat  Enterprise  Linux  9  is  broken  into
       'profiles',  groupings  of  security  settings that correlate to a known policy. Available
       profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This profile contains configurations that align to  ANSSI-BP-028  at  the  enhanced
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  at the high
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains configurations that align to ANSSI-BP-028 at the intermediary
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This  profile  contains  configurations  that  align to ANSSI-BP-028 at the minimal
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This is a draft profile based on its RHEL8 version for experimental  purposes.   It
              is  not based on the CIS benchmark for RHEL9, because this one was not available at
              time of the release.

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This is a draft profile based on its RHEL8 version for experimental  purposes.   It
              is  not based on the CIS benchmark for RHEL9, because this one was not available at
              time of the release.

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This is a draft profile based on its RHEL8 version for experimental  purposes.   It
              is  not based on the CIS benchmark for RHEL9, because this one was not available at
              time of the release.

       [DRAFT] CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This is a draft profile based on its RHEL8 version for experimental  purposes.   It
              is  not based on the CIS benchmark for RHEL9, because this one was not available at
              time of the release.

       [DRAFT] Unclassified Information in  Non-federal  Information  Systems  and  Organizations
       (NIST 800-171)

              Profile ID:  xccdf_org.ssgproject.content_profile_cui

              From   NIST   800-171,  Section  2.2:  Security  requirements  for  protecting  the
              confidentiality of CUI in nonfederal information systems and organizations  have  a
              well-defined structure that consists of:

              (i)  a  basic  security  requirements section; (ii) a derived security requirements
              section.

              The basic security requirements are  obtained  from  FIPS  Publication  200,  which
              provides   the   high-level  and  fundamental  security  requirements  for  federal
              information and information  systems.  The  derived  security  requirements,  which
              supplement the basic security requirements, are taken from the security controls in
              NIST Special Publication 800-53.

              This profile configures Red Hat Enterprise Linux 9 to the NIST Special  Publication
              800-53 controls identified for securing Controlled Unclassified Information (CUI)."

       Australian Cyber Security Centre (ACSC) Essential Eight

              Profile ID:  xccdf_org.ssgproject.content_profile_e8

              This  profile  contains  configuration  checks  for Red Hat Enterprise Linux 9 that
              align to the Australian Cyber Security Centre (ACSC) Essential Eight.

              A copy of the Essential Eight in Linux Environments guide can be found at the  ACSC
              website:

              https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-
              workstations-and-servers

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained  by  a  covered  entity.  The   Security   Rule   requires   appropriate
              administrative,  physical  and  technical safeguards to ensure the confidentiality,
              integrity, and security of electronic protected health information.

              This profile configures Red Hat Enterprise Linux  9  to  the  HIPAA  Security  Rule
              identified  for  securing  of electronic protected health information.  Use of this
              profile in no way guarantees or makes claims against legal compliance  against  the
              HIPAA Security Rule(s).

       Australian Cyber Security Centre (ACSC) ISM Official

              Profile ID:  xccdf_org.ssgproject.content_profile_ism_o

              This  profile  contains  configuration  checks  for Red Hat Enterprise Linux 9 that
              align to the Australian Cyber Security Centre (ACSC)  Information  Security  Manual
              (ISM) with the applicability marking of OFFICIAL.

              The ISM uses a risk-based approach to cyber security. This profile provides a guide
              to aligning Red Hat Enterprise Linux security controls with the ISM, which  can  be
              used  to  select  controls  specific to an organisation's security posture and risk
              profile.

              A copy of the ISM can be found at the ACSC website:

              https://www.cyber.gov.au/ism

       Protection Profile for General Purpose Operating Systems

              Profile ID:  xccdf_org.ssgproject.content_profile_ospp

              This profile is part of  Red  Hat  Enterprise  Linux  9  Common  Criteria  Guidance
              documentation  for  Target  of  Evaluation  based on Protection Profile for General
              Purpose Operating Systems (OSPP) version  4.2.1  and  Functional  Package  for  SSH
              version 1.0.

              Where  appropriate,  CNSSI  1253 or DoD-specific values are used for configuration,
              based on Configuration Annex to the OSPP.

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       [DRAFT] DISA STIG for Red Hat Enterprise Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This is a draft profile based on its RHEL8 version for experimental  purposes.   It
              is not based on the DISA STIG for RHEL9, because this one was not available at time
              of the release.

              In addition to being applicable to Red Hat Enterprise Linux 9, DISA recognizes this
              configuration  baseline  as  applicable  to  the  operating  system tier of Red Hat
              technologies that are based on Red Hat Enterprise Linux 9, such as:

              - Red Hat Enterprise Linux Server  -  Red  Hat  Enterprise  Linux  Workstation  and
              Desktop  -  Red Hat Enterprise Linux for HPC - Red Hat Storage - Red Hat Containers
              with a Red Hat Enterprise Linux 9 image

       [DRAFT] DISA STIG with GUI for Red Hat Enterprise Linux 9

              Profile ID:  xccdf_org.ssgproject.content_profile_stig_gui

              This is a draft profile based on its RHEL8 version for experimental  purposes.   It
              is not based on the DISA STIG for RHEL9, because this one was not available at time
              of the release.

              In addition to being applicable to Red Hat Enterprise Linux 9, DISA recognizes this
              configuration  baseline  as  applicable  to  the  operating  system tier of Red Hat
              technologies that are based on Red Hat Enterprise Linux 9, such as:

              - Red Hat Enterprise Linux Server  -  Red  Hat  Enterprise  Linux  Workstation  and
              Desktop  -  Red Hat Enterprise Linux for HPC - Red Hat Storage - Red Hat Containers
              with a Red Hat Enterprise Linux 9 image

              Warning: The installation and use of a Graphical  User  Interface  (GUI)  increases
              your attack vector and decreases your overall security posture. If your Information
              Systems Security Officer (ISSO) lacks a documented operational  requirement  for  a
              graphical  user interface, please consider using the standard DISA STIG for Red Hat
              Enterprise Linux 9 profile.

Profiles in Guide to the Secure Configuration of Red Hat Virtualization 4

       Source Datastream:  ssg-rhv4-ds.xml

       The Guide to the  Secure  Configuration  of  Red  Hat  Virtualization  4  is  broken  into
       'profiles',  groupings  of  security  settings that correlate to a known policy. Available
       profiles are:

       PCI-DSS v3.2.1 Control Baseline for Red Hat Virtualization Host (RHVH)

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       [DRAFT] DISA STIG for Red Hat Virtualization Host (RHVH)

              Profile ID:  xccdf_org.ssgproject.content_profile_rhvh-stig

              This *draft* profile contains configuration checks that align to the DISA STIG  for
              Red Hat Virtualization Host (RHVH).

       VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Virtualization Host (RHVH)

              Profile ID:  xccdf_org.ssgproject.content_profile_rhvh-vpp

              This  compliance  profile  reflects  the core set of security related configuration
              settings for deployment of  Red  Hat  Virtualization  Host  (RHVH)  4.x  into  U.S.
              Defense,  Intelligence,  and  Civilian agencies.  Development partners and sponsors
              include the U.S. National  Institute  of  Standards  and  Technology  (NIST),  U.S.
              Department of Defense, the National Security Agency, and Red Hat.

              This baseline implements configuration requirements from the following sources:

              -  Committee  on National Security Systems Instruction No. 1253 (CNSSI 1253) - NIST
              800-53 control  selections  for  MODERATE  impact  systems  (NIST  800-53)  -  U.S.
              Government   Configuration   Baseline   (USGCB)   -  NIAP  Protection  Profile  for
              Virtualization v1.0 (VPP v1.0)

              For any differing configuration requirements, e.g. password lengths,  the  stricter
              security  setting  was  chosen. Security Requirement Traceability Guides (RTMs) and
              sample System Security Configuration Guides are  provided  via  the  scap-security-
              guide-docs package.

              This  profile  reflects  U.S. Government consensus content and is developed through
              the ComplianceAsCode project, championed by the National  Security  Agency.  Except
              for  differences  in  formatting  to accommodate publishing processes, this profile
              mirrors ComplianceAsCode content as  minor  divergences,  such  as  bugfixes,  work
              through the consensus and release processes.

Profiles in Guide to the Secure Configuration of Red Hat Enterprise Linux 7

       Source Datastream:  ssg-sl7-ds.xml

       The  Guide  to  the  Secure  Configuration  of  Red  Hat Enterprise Linux 7 is broken into
       'profiles', groupings of security settings that correlate to  a  known  policy.  Available
       profiles are:

       PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Standard System Security Profile for Red Hat Enterprise Linux 7

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules  to  ensure  standard security baseline of a Red Hat
              Enterprise Linux 7 system. Regardless of your system's workload all of these checks
              should pass.

Profiles in Guide to the Secure Configuration of SUSE Linux Enterprise 12

       Source Datastream:  ssg-sle12-ds.xml

       The  Guide  to  the  Secure  Configuration  of  SUSE  Linux  Enterprise  12 is broken into
       'profiles', groupings of security settings that correlate to  a  known  policy.  Available
       profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  v1.2 at the
              enhanced hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be  installed.   Those  whose  presence  can  not  be justified should be disabled,
              removed or deleted.  Performing a minimal install is a  good  starting  point,  but
              doesn't  provide  any assurance over any package installed later.  Manual review is
              required to assess if the installed services are minimal.

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This profile contains configurations that align to ANSSI-BP-028 v1.2  at  the  high
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be installed.  Those whose presence  can  not  be  justified  should  be  disabled,
              removed  or  deleted.   Performing  a minimal install is a good starting point, but
              doesn't provide any assurance over any package installed later.  Manual  review  is
              required to assess if the installed services are minimal.

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This  profile  contains  configurations  that  align  to  ANSSI-BP-028  v1.2 at the
              intermediary hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be  installed.   Those  whose  presence  can  not  be justified should be disabled,
              removed or deleted.  Performing a minimal install is a  good  starting  point,  but
              doesn't  provide  any assurance over any package installed later.  Manual review is
              required to assess if the installed services are minimal.

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal
              hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be installed.  Those whose presence  can  not  be  justified  should  be  disabled,
              removed  or  deleted.   Performing  a minimal install is a good starting point, but
              doesn't provide any assurance over any package installed later.  Manual  review  is
              required to assess if the installed services are minimal.

       CIS SUSE Linux Enterprise 12 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2 - Server" configuration
              from the Center for Internet Security® SUSE Linux Enterprise 12 Benchmark™, v3.0.0,
              released 04-27-2021.

              This  profile  includes  Center for Internet Security® SUSE Linux Enterprise 12 CIS
              Benchmarks™ content.

       CIS SUSE Linux Enterprise 12 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This profile defines a baseline that aligns to the "Level 1 - Server" configuration
              from the Center for Internet Security® SUSE Linux Enterprise 12 Benchmark™, v3.0.0,
              released 04-27-2021.

              This profile includes Center for Internet Security® SUSE Linux  Enterprise  12  CIS
              Benchmarks™ content.

       CIS SUSE Linux Enterprise 12 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This  profile  defines  a  baseline  that  aligns  to  the  "Level 1 - Workstation"
              configuration from the Center for  Internet  Security®  SUSE  Linux  Enterprise  12
              Benchmark™, v3.0.0, released 04-27-2021.

              This  profile  includes  Center for Internet Security® SUSE Linux Enterprise 12 CIS
              Benchmarks™ content.

       CIS SUSE Linux Enterprise 12 Benchmark Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This profile defines a  baseline  that  aligns  to  the  "Level  2  -  Workstation"
              configuration  from  the  Center  for  Internet  Security® SUSE Linux Enterprise 12
              Benchmark™, v3.0.0, released 04-27-2021.

              This profile includes Center for Internet Security® SUSE Linux  Enterprise  12  CIS
              Benchmarks™ content.

       PCI-DSS v4 Control Baseline for SUSE Linux enterprise 12

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss-4

              Ensures PCI-DSS v4 security configuration settings are applied.

       PCI-DSS v3.2.1 Control Baseline for SUSE Linux enterprise 12

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Standard System Security Profile for SUSE Linux Enterprise 12

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules to ensure standard security baseline of a SUSE Linux
              Enterprise 12 system. Regardless of your system's  workload  all  of  these  checks
              should pass.

       DISA STIG for SUSE Linux Enterprise 12

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  profile  contains  configuration  checks that align to the DISA STIG for SUSE
              Linux Enterprise 12 V2R5.

Profiles in Guide to the Secure Configuration of SUSE Linux Enterprise 15

       Source Datastream:  ssg-sle15-ds.xml

       The Guide to the  Secure  Configuration  of  SUSE  Linux  Enterprise  15  is  broken  into
       'profiles',  groupings  of  security  settings that correlate to a known policy. Available
       profiles are:

       ANSSI-BP-028 (enhanced)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

              This profile contains  configurations  that  align  to  ANSSI-BP-028  v1.2  at  the
              enhanced hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be installed.  Those whose presence  can  not  be  justified  should  be  disabled,
              removed  or  deleted.   Performing  a minimal install is a good starting point, but
              doesn't provide any assurance over any package installed later.  Manual  review  is
              required to assess if the installed services are minimal.

       ANSSI-BP-028 (high)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_high

              This  profile  contains  configurations that align to ANSSI-BP-028 v1.2 at the high
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be  installed.   Those  whose  presence  can  not  be justified should be disabled,
              removed or deleted.  Performing a minimal install is a  good  starting  point,  but
              doesn't  provide  any assurance over any package installed later.  Manual review is
              required to assess if the installed services are minimal.

       ANSSI-BP-028 (intermediary)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

              This profile contains  configurations  that  align  to  ANSSI-BP-028  v1.2  at  the
              intermediary hardening level.

              ANSSI  is  the  French  National Information Security Agency, and stands for Agence
              nationale  de  la  sécurité  des  systèmes  d'information.    ANSSI-BP-028   is   a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be installed.  Those whose presence  can  not  be  justified  should  be  disabled,
              removed  or  deleted.   Performing  a minimal install is a good starting point, but
              doesn't provide any assurance over any package installed later.  Manual  review  is
              required to assess if the installed services are minimal.

       ANSSI-BP-028 (minimal)

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

              This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal
              hardening level.

              ANSSI is the French National Information Security Agency,  and  stands  for  Agence
              nationale   de   la   sécurité  des  systèmes  d'information.   ANSSI-BP-028  is  a
              configuration recommendation for GNU/Linux systems.

              A   copy   of   the   ANSSI-BP-028   can   be   found   at   the   ANSSI   website:
              https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-
              a-un-systeme-gnulinux/

              Only the components strictly necessary to the service provided by the system should
              be  installed.   Those  whose  presence  can  not  be justified should be disabled,
              removed or deleted.  Performing a minimal install is a  good  starting  point,  but
              doesn't  provide  any assurance over any package installed later.  Manual review is
              required to assess if the installed services are minimal.

       CIS SUSE Linux Enterprise 15 Benchmark for Level 2 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This profile defines a baseline that aligns to the "Level 2 - Server" configuration
              from the Center for Internet Security® SUSE Linux Enterprise 15 Benchmark™, v1.1.0,
              released 09-17-2021.

              This profile includes Center for Internet Security® SUSE Linux  Enterprise  15  CIS
              Benchmarks™ content.

       CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Server

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_server_l1

              This profile defines a baseline that aligns to the "Level 1 - Server" configuration
              from the Center for Internet Security® SUSE Linux Enterprise 15 Benchmark™, v1.1.0,
              released 09-17-2021.

              This  profile  includes  Center for Internet Security® SUSE Linux Enterprise 15 CIS
              Benchmarks™ content.

       CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l1

              This profile defines a  baseline  that  aligns  to  the  "Level  1  -  Workstation"
              configuration  from  the  Center  for  Internet  Security® SUSE Linux Enterprise 15
              Benchmark™, v1.1.0, released 09-17-2021.

              This profile includes Center for Internet Security® SUSE Linux  Enterprise  15  CIS
              Benchmarks™ content.

       CIS SUSE Linux Enterprise 15 Benchmark Level 2 - Workstation

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_workstation_l2

              This  profile  defines  a  baseline  that  aligns  to  the  "Level 2 - Workstation"
              configuration from the Center for  Internet  Security®  SUSE  Linux  Enterprise  15
              Benchmark™, v1.1.0, released 09-17-2021.

              This  profile  includes  Center for Internet Security® SUSE Linux Enterprise 15 CIS
              Benchmarks™ content.

       Health Insurance Portability and Accountability Act (HIPAA)

              Profile ID:  xccdf_org.ssgproject.content_profile_hipaa

              The HIPAA Security Rule establishes U.S. national standards to protect individuals’
              electronic  personal  health  information  that  is  created,  received,  used,  or
              maintained  by  a  covered  entity.  The   Security   Rule   requires   appropriate
              administrative,  physical  and  technical safeguards to ensure the confidentiality,
              integrity, and security of electronic protected health information.

              This profile contains configuration checks that align to the  HIPPA  Security  Rule
              for SUSE Linux Enterprise 15 V1R3.

       PCI-DSS v4 Control Baseline for SUSE Linux enterprise 15

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss-4

              Ensures PCI-DSS v4 security configuration settings are applied.

       PCI-DSS v3.2.1 Control Baseline for SUSE Linux enterprise 15

              Profile ID:  xccdf_org.ssgproject.content_profile_pci-dss

              Ensures PCI-DSS v3.2.1 security configuration settings are applied.

       Hardening  for  Public  Cloud  Image  of  SUSE  Linux  Enterprise  Server  (SLES)  for SAP
       Applications 15

              Profile ID:  xccdf_org.ssgproject.content_profile_pcs-hardening-sap

              This profile contains configuration rules to be used to harden the images  of  SUSE
              Linux Enterprise Server (SLES) for SAP Applications 15 including all Service Packs,
              for Public Cloud providers, currently AWS, Microsoft Azure, and Google Cloud.

       Public Cloud Hardening for SUSE Linux Enterprise 15

              Profile ID:  xccdf_org.ssgproject.content_profile_pcs-hardening

              This profile contains  configuration  checks  to  be  used  to  harden  SUSE  Linux
              Enterprise 15 for use with public cloud providers.

       Standard System Security Profile for SUSE Linux Enterprise 15

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile  contains  rules to ensure standard security baseline of a SUSE Linux
              Enterprise 15 system based off of the SUSE  Hardening  Guide.  Regardless  of  your
              system's workload all of these checks should pass.

       DISA STIG for SUSE Linux Enterprise 15

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  profile  contains  configuration  checks that align to the DISA STIG for SUSE
              Linux Enterprise 15 V1R4.

Profiles in Guide to the Secure Configuration of Ubuntu 16.04

       Source Datastream:  ssg-ubuntu1604-ds.xml

       The Guide to the Secure Configuration of Ubuntu 16.04 is broken into 'profiles', groupings
       of security settings that correlate to a known policy. Available profiles are:

       Profile for ANSSI DAT-NT28 Average (Intermediate) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_average

              This  profile  contains  items  for  GNU/Linux  installations  already protected by
              multiple higher level security stacks.

       Profile for ANSSI DAT-NT28 High (Enforced) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_high

              This  profile  contains  items  for  GNU/Linux  installations   storing   sensitive
              information that can be accessible from unauthenticated or uncontroled networks.

       Profile for ANSSI DAT-NT28 Minimal Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal

              This profile contains items to be applied systematically.

       Profile for ANSSI DAT-NT28 Restrictive Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive

              This  profile contains items for GNU/Linux installations exposed to unauthenticated
              flows or multiple sources.

       Standard System Security Profile for Ubuntu 16.04

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of an Ubuntu 16.04
              system. Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of Ubuntu 18.04

       Source Datastream:  ssg-ubuntu1804-ds.xml

       The Guide to the Secure Configuration of Ubuntu 18.04 is broken into 'profiles', groupings
       of security settings that correlate to a known policy. Available profiles are:

       Profile for ANSSI DAT-NT28 Average (Intermediate) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_average

              This profile contains  items  for  GNU/Linux  installations  already  protected  by
              multiple higher level security stacks.

       Profile for ANSSI DAT-NT28 High (Enforced) Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_high

              This   profile   contains  items  for  GNU/Linux  installations  storing  sensitive
              information that can be accessible from unauthenticated or uncontroled networks.

       Profile for ANSSI DAT-NT28 Minimal Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal

              This profile contains items to be applied systematically.

       Profile for ANSSI DAT-NT28 Restrictive Level

              Profile ID:  xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive

              This profile contains items for GNU/Linux installations exposed to  unauthenticated
              flows or multiple sources.

       CIS Ubuntu 18.04 LTS Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis

              This  baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  18.04 LTS
              Benchmark, v1.0.0, released 08-13-2018.

       Standard System Security Profile for Ubuntu 18.04

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of an Ubuntu 18.04
              system. Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of Ubuntu 20.04

       Source Datastream:  ssg-ubuntu2004-ds.xml

       The Guide to the Secure Configuration of Ubuntu 20.04 is broken into 'profiles', groupings
       of security settings that correlate to a known policy. Available profiles are:

       CIS Ubuntu 20.04 Level 1 Server Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level1_server

              This baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  20.04  LTS
              Benchmark, v1.0.0, released 07-21-2020.

       CIS Ubuntu 20.04 Level 1 Workstation Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level1_workstation

              This  baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  20.04 LTS
              Benchmark, v1.0.0, released 07-21-2020.

       CIS Ubuntu 20.04 Level 2 Server Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level2_server

              This baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  20.04  LTS
              Benchmark, v1.0.0, released 07-21-2020.

       CIS Ubuntu 20.04 Level 2 Workstation Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level2_workstation

              This  baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  20.04 LTS
              Benchmark, v1.0.0, released 07-21-2020.

       Standard System Security Profile for Ubuntu 20.04

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of an Ubuntu 20.04
              system. Regardless of your system's workload all of these checks should pass.

       Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide (STIG) V1R1

              Profile ID:  xccdf_org.ssgproject.content_profile_stig

              This  Security Technical Implementation Guide is published as a tool to improve the
              security of Department of Defense (DoD) information systems.  The requirements  are
              derived  from  the National Institute of Standards and Technology (NIST) 800-53 and
              related documents.

Profiles in Guide to the Secure Configuration of Ubuntu 22.04

       Source Datastream:  ssg-ubuntu2204-ds.xml

       The Guide to the Secure Configuration of Ubuntu 22.04 is broken into 'profiles', groupings
       of security settings that correlate to a known policy. Available profiles are:

       CIS Ubuntu 22.04 Level 1 Server Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level1_server

              This  baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  22.04 LTS
              Benchmark, v1.0.0, released 07-21-2020.

       CIS Ubuntu 22.04 Level 1 Workstation Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level1_workstation

              This baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  22.04  LTS
              Benchmark, v1.0.0, released 07-21-2020.

       CIS Ubuntu 22.04 Level 2 Server Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level2_server

              This  baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  22.04 LTS
              Benchmark, v1.0.0, released 07-21-2020.

       CIS Ubuntu 22.04 Level 2 Workstation Benchmark

              Profile ID:  xccdf_org.ssgproject.content_profile_cis_level2_workstation

              This baseline  aligns  to  the  Center  for  Internet  Security  Ubuntu  22.04  LTS
              Benchmark, v1.0.0, released 07-21-2020.

       Standard System Security Profile for Ubuntu 22.04

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This profile contains rules to ensure standard security baseline of an Ubuntu 22.04
              system. Regardless of your system's workload all of these checks should pass.

Profiles in Guide to the Secure Configuration of UnionTech OS Server 20

       Source Datastream:  ssg-uos20-ds.xml

       The Guide to the Secure Configuration of UnionTech OS Server 20 is broken into 'profiles',
       groupings of security settings that correlate to a known policy. Available profiles are:

       Standard System Security Profile for UnionTech OS Server 20

              Profile ID:  xccdf_org.ssgproject.content_profile_standard

              This  profile contains rules to ensure standard security baseline of a UnionTech OS
              Server 20 system. Regardless of your system's workload all of these  checks  should
              pass.

EXAMPLES

       To scan your system utilizing the OpenSCAP utility against the ospp profile:

       oscap   xccdf  eval  --profile  ospp  --results  /tmp/`hostname`-ssg-results.xml  --report
       /tmp/`hostname`-ssg-results.html                                            --oval-results
       /usr/share/xml/scap/ssg/content/ssg-{product}-xccdf.xml

       Additional     details     can     be     found     on    the    projects    wiki    page:
       https://www.github.com/ComplianceAsCode/content/wiki

FILES

       /usr/share/xml/scap/ssg/content
              Houses SCAP content utilizing the following naming conventions:

              SCAP Source Datastreams: ssg-{product}-ds.xml

              CPE Dictionaries: ssg-{product}-cpe-dictionary.xml

              CPE OVAL Content: ssg-{product}-cpe-oval.xml

              OVAL Content: ssg-{product}-oval.xml

              XCCDF Content: ssg-{product}-xccdf.xml

       /usr/share/doc/scap-security-guide/guides/
              HTML versions of SSG profiles.

       /usr/share/scap-security-guide/ansible/
              Contains Ansible Playbooks for SSG profiles.

       /usr/share/scap-security-guide/bash/
              Contains Bash remediation scripts for SSG profiles.

DEPLOYMENT TO U.S. CIVILIAN GOVERNMENT SYSTEMS

       SCAP Security Guide content is considered vendor (Red Hat) provided content.  Per guidance
       from  the  U.S.  National  Institute  of  Standards and Technology (NIST), U.S. Government
       programs are allowed to use Vendor produced  SCAP  content  in  absence  of  "Governmental
       Authority"          checklists.         The         specific         NIST         verbage:
       http://web.nvd.nist.gov/view/ncp/repository/glossary?cid=1#Authority

DEPLOYMENT TO U.S. MILITARY SYSTEMS

       DoD Directive (DoDD) 8500.1 requires that "all IA and IA-enabled IT products  incorporated
       into  DoD information systems shall be configured in accordance with DoD-approved security
       configuration guidelines" and tasks Defense Information Systems Agency (DISA) to  "develop
       and  provide  security  configuration  guidance  for  IA  and  IA-enabled  IT  products in
       coordination with Director, NSA."  The output of  this  authority  is  the  DISA  Security
       Technical  Implementation Guides, or STIGs. DISA FSO is in the process of moving the STIGs
       towards the use of the NIST Security  Content  Automation  Protocol  (SCAP)  in  order  to
       "automate" compliance reporting of the STIGs.

       Through  a  common,  shared  vision,  the  SCAP  Security  Guide  community  enjoys  close
       collaboration directly with NSA, NIST, and DISA FSO. As stated in Section 1.1 of  the  Red
       Hat Enterprise Linux 6 STIG Overview, Version 1, Release 2, issued on 03-JUNE-2013:

       "The  consensus  content  was  developed using an open-source project called SCAP Security
       Guide. The project's website is https://www.open-scap.org/security-policies/scap-security-
       guide.   Except  for  differences  in  formatting  to accommodate the DISA STIG publishing
       process, the content of the Red Hat  Enterprise  Linux  6  STIG  should  mirror  the  SCAP
       Security  Guide  content  with only minor divergence as updates from multiple sources work
       through the consensus process."

       The DoD STIG for Red Hat Enterprise Linux 7, revision V2R4,  was  released  in  July  2019
       Currently,  the  DoD  Red  Hat  Enterprise Linux 7 STIG contains only XCCDF content and is
       available   online:   https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-
       systems%2Cunix-linux

       Content  published against the public.cyber.mil website is authoritative STIG content. The
       SCAP Security Guide project, as  noted  in  the  STIG  overview,  is  considered  upstream
       content.  Unlike  DISA  FSO,  the SCAP Security Guide project does publish OVAL automation
       content. Individual programs and C&A evaluators make program-level determinations  on  the
       direct usage of the SCAP Security Guide.  Currently there is no blanket approval.

SEE ALSO

       oscap(8)

AUTHOR

       Please      direct      all      questions      to      the      SSG     mailing     list:
       https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide