The C2S profile demonstrates compliance against the U.S. Government Commercial Cloud Services (C2S) baseline.

This baseline was inspired by the Center for Internet Security (CIS) Red Hat Enterprise Linux 7 Benchmark, v1.1.0 - 04-02-2015. For the SCAP Security Guide project to remain in compliance with CIS' terms and conditions, specifically Restrictions(8), note there is no representation or claim that the C2S profile will ensure a system is in compliance or consistency with the CIS baseline.

The CS2 is an example of a customized server profile.

The CSCF RHEL6 MLS Core Baseline profile reflects the Centralized Super Computing Facility (CSCF) baseline for Red Hat Enterprise Linux 6. This baseline has received government ATO through the ICD 503 process, utilizing the CNSSI 1253 cross domain overlay. This profile should be considered in active development. Additional tailoring will be needed, such as the creation of RBAC roles for production deployment.

The Desktop Baseline profile is for a desktop installation of Red Hat Enterprise Linux 6.

A FISMA Medium profile for Red Hat Enterprise Linux 6

A profile for FTP servers

The CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 6 Profile follows the Committee on National Security Systems Instruction (CNSSI) No. 1253, "Security Categorization and Control Selection for National Security Systems" on security controls to meet low confidentiality, low integrity, and low assurance."

The PCI-DSS v3 Control Baseline Profile for Red Hat Enterprise Linux 6 is a *draft* profile for PCI-DSS v3

The Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) profile is a *draft* SCAP profile for Red Hat Certified Cloud Providers.

The Server Baseline profile is for Red Hat Enterprise Linux 6 acting as a server.

The Standard System Security Profile contains rules to ensure standard security baseline of Red Hat Enterprise Linux 6 system. Regardless of your system's workload all of these checks should pass.

The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA Field Security Operations (FSO) has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). This profile was created as a collaboration effort between the National Security Agency, DISA FSO, and Red Hat.

As a result of the upstream/downstream relationship between the SCAP Security Guide project and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content. For additional information relating to STIGs, please refer to the DISA FSO webpage at http://iase.disa.mil/stigs/

While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note that commercial support of this SCAP content is NOT available. This profile is provided as example SCAP content with no endorsement for suitability or production readiness. Support for this profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The upstream project homepage is https://www.open-scap.org/security-policies/scap-security-guide.

This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.

The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security.

NOTE: While the current content maps to USGCB requirements, it has NOT been validated by NIST as of yet. This content should be considered draft, we are highly interested in feedback.

For additional information relating to USGCB, please refer to the NIST webpage at http://usgcb.nist.gov/usgcb_content.html.

The C2S profile demonstrates compliance against the U.S. Government Commercial Cloud Services (C2S) baseline.

This baseline was inspired by the Center for Internet Security (CIS) Red Hat Enterprise Linux 7 Benchmark, v1.1.0 - 04-02-2015. For the SCAP Security Guide project to remain in compliance with CIS' terms and conditions, specifically Restrictions(8), note there is no representation or claim that the C2S profile will ensure a system is in compliance or consistency with the CIS baseline.

The Criminal Justice Information Services Security Policy is a *draft* profile for CJIS v5.4. The scope of this profile is to configure Red Hat Enteprise Linux 7 against the U. S. Department of Justice, FBI CJIS Security Policy.

The common profile is intended to be used as a base, universal profile for scanning of general-purpose Red Hat Enterprise Linux systems.

The Standard Docker Host Security Profile contains rules to ensure standard security baseline of Red Hat Enterprise Linux 7 system running the docker daemon. This discussion is currently being held on open-scap-list@redhat.com and scap-security-guide@lists.fedorahosted.org.

This profile is developed in partnership with the U.S. National Institute of Science and Technology (NIST), U.S. Department of Defense, the National Security Agency, and Red Hat. The USGCB is intended to be the core set of security related configuration settings by which all federal agencies should comply.

The PCI-DSS v3 Control Baseline Profile for Red Hat Enterprise Linux 7 is a *draft* profile for PCI-DSS v3

The Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) profile is a *draft* SCAP profile for Red Hat Certified Cloud Providers.

The Standard System Security Profile contains rules to ensure standard security baseline of Red Hat Enterprise Linux 7 system. Regardless of your system's workload all of these checks should pass.

The DISA STIG for Red Hat Enterprise Linux 7 Server V1R4.

The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA Field Security Operations (FSO) has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). This profile was created as a collaboration effort between the National Security Agency, DISA FSO, and Red Hat.

As a result of the upstream/downstream relationship between the SCAP Security Guide project and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content. For additional information relating to STIGs, please refer to the DISA FSO webpage at http://iase.disa.mil/stigs/

While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note that commercial support of this SCAP content is NOT available. This profile is provided as example SCAP content with no endorsement for suitability or production readiness. Support for this profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The upstream project homepage is https://www.open-scap.org/security-policies/scap-security-guide.

This profile is developed under the DoD consensus model to become a STIG in coordination with DISA FSO.

Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

From NIST 800-171, Section 2.2: Security requirements for protecting the confidentiality of CUI in nonfederal information systems and organizations have a well-defined structure that consists of: (i) a basic security requirements section; and (ii) a derived security requirements section. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

This profile configures Red Hat Enterprise Linux 7 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI).

The common profile is intended to be used as a base, universal profile for scanning of general-purpose Fedora systems.

The Standard System Security Profile contains rules to ensure standard security baseline of a Fedora system. Regardless of your system's workload all of these checks should pass.

Houses SCAP content utilizing the following naming conventions:

CPE_Dictionaries: ssg-{profile}-cpe-dictionary.xml

CPE_OVAL_Content: ssg-{profile}-cpe-oval.xml

OVAL_Content: ssg-{profile}-oval.xml

XCCDF_Content: ssg-{profile}-xccdf.xml

HTML versions of SSG profiles.