Add draft status to all RHEL 10 profiles #12224

Merged
merged 3 commits into from
Jul 29, 2024
Changes from 1 commit
5 changes: 3 additions & 2 deletions products/rhel10/profiles/anssi_bp28_enhanced.profile
Expand Up @@ -5,10 +5,11 @@ metadata:
- marcusburghardt
- vojtapolasek

title: 'ANSSI-BP-028 (enhanced)'
title: 'DRAFT - ANSSI-BP-028 (enhanced)'

description: |-
This profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level.
This is a draft profile for experimental purposes.
This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
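
Review bot: the description now announces the draft state twice in a row: the added line "This is a draft profile for experimental purposes." is immediately followed by "This draft profile contains configurations ...". One of the two is enough; keep the standalone sentence, leave the second line as "This profile contains ...", and separate the two with a blank line, as the e8, hipaa and pci-dss descriptions in this PR do. The same applies to the high, intermediary and minimal variants.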
5 changes: 3 additions & 2 deletions products/rhel10/profiles/anssi_bp28_high.profile
Expand Up @@ -5,10 +5,11 @@ metadata:
- marcusburghardt
- vojtapolasek

title: 'ANSSI-BP-028 (high)'
title: 'DRAFT - ANSSI-BP-028 (high)'

description: |-
This profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level.
This is a draft profile for experimental purposes.
This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
5 changes: 3 additions & 2 deletions products/rhel10/profiles/anssi_bp28_intermediary.profile
Expand Up @@ -5,10 +5,11 @@ metadata:
- marcusburghardt
- vojtapolasek

title: 'ANSSI-BP-028 (intermediary)'
title: 'DRAFT - ANSSI-BP-028 (intermediary)'

description: |-
This profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level.
This is a draft profile for experimental purposes.
This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
5 changes: 3 additions & 2 deletions products/rhel10/profiles/anssi_bp28_minimal.profile
Expand Up @@ -5,10 +5,11 @@ metadata:
- marcusburghardt
- vojtapolasek

title: 'ANSSI-BP-028 (minimal)'
title: 'DRAFT - ANSSI-BP-028 (minimal)'

description: |-
This profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level.
This is a draft profile for experimental purposes.
This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level.

ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
14 changes: 8 additions & 6 deletions products/rhel10/profiles/e8.profile
Expand Up @@ -7,16 +7,18 @@ metadata:

reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers

title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
title: 'DRAFT - Australian Cyber Security Centre (ACSC) Essential Eight'

description: |-
This profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
This is a draft profile for experimental purposes.

A copy of the Essential Eight in Linux Environments guide can be found at the
ACSC website:
This draft profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Essential Eight.

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
A copy of the Essential Eight in Linux Environments guide can be found at the
ACSC website:

https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers

selections:
- e8:all
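
Review bot: in the description, the lines "A copy of the Essential Eight in Linux Environments guide can be found at the", "ACSC website:" and the URL are removed and re-added with the same text, so that part of the change can only differ in whitespace. If it is a uniform re-indent of the `|-` block, the resulting string is unchanged and the re-indent is better left out of this PR or called out in the commit message; as it stands it buries the two real changes, the 'DRAFT - ' title prefix and the added draft sentence.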
6 changes: 4 additions & 2 deletions products/rhel10/profiles/hipaa.profile
Expand Up @@ -6,17 +6,19 @@ metadata:

reference: https://www.hhs.gov/hipaa/for-professionals/index.html

title: 'Health Insurance Portability and Accountability Act (HIPAA)'
title: 'DRAFT - Health Insurance Portability and Accountability Act (HIPAA)'

description: |-
This is a draft profile for experimental purposes.

The HIPAA Security Rule establishes U.S. national standards to protect individuals’
electronic personal health information that is created, received, used, or
maintained by a covered entity. The Security Rule requires appropriate
administrative, physical and technical safeguards to ensure the
confidentiality, integrity, and security of electronic protected health
information.

This profile configures Red Hat Enterprise Linux 10 to the HIPAA Security
This draft profile configures Red Hat Enterprise Linux 10 to the HIPAA Security
Rule identified for securing of electronic protected health information.
Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).

16 changes: 8 additions & 8 deletions products/rhel10/profiles/ism_o.profile
Expand Up @@ -10,19 +10,19 @@ metadata:

reference: https://www.cyber.gov.au/ism

title: 'Australian Cyber Security Centre (ACSC) ISM Official - Base'
title: 'DRAFT - Australian Cyber Security Centre (ACSC) ISM Official - Base'

description: |-
This profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM).
This draft profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM).

The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.
The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.

A copy of the ISM can be found at the ACSC website:
A copy of the ISM can be found at the ACSC website:

https://www.cyber.gov.au/ism
https://www.cyber.gov.au/ism

extends: e8
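
Review bot: this description gets "This draft profile contains configuration checks ..." but not the standalone sentence "This is a draft profile for experimental purposes." that e8.profile and ism_o_secret.profile receive in the same PR. Add it as the first line of the description so the ISM profiles read the same. Every other description line here is removed and re-added with unchanged text, which makes the omission easy to miss.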

18 changes: 10 additions & 8 deletions products/rhel10/profiles/ism_o_secret.profile
Expand Up @@ -10,19 +10,21 @@ metadata:

reference: https://www.cyber.gov.au/ism

title: 'Australian Cyber Security Centre (ACSC) ISM Official - Secret'
title: 'DRAFT - Australian Cyber Security Centre (ACSC) ISM Official - Secret'

description: |-
This profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM).
This is a draft profile for experimental purposes.

The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.
This draft profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM).

A copy of the ISM can be found at the ACSC website:
The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.

https://www.cyber.gov.au/ism
A copy of the ISM can be found at the ACSC website:

https://www.cyber.gov.au/ism

extends: e8

16 changes: 8 additions & 8 deletions products/rhel10/profiles/ism_o_top_secret.profile
Expand Up @@ -10,19 +10,19 @@ metadata:

reference: https://www.cyber.gov.au/ism

title: 'Australian Cyber Security Centre (ACSC) ISM Official - Top Secret'
title: 'DRAFT - Australian Cyber Security Centre (ACSC) ISM Official - Top Secret'

description: |-
This profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM).
This draft profile contains configuration checks for Red Hat Enterprise Linux 10
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM).

The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.
The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.

A copy of the ISM can be found at the ACSC website:
A copy of the ISM can be found at the ACSC website:

https://www.cyber.gov.au/ism
https://www.cyber.gov.au/ism

extends: e8
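
Review bot: the description is missing the first line "This is a draft profile for experimental purposes." that ism_o_secret.profile gains in this PR; only the "This draft profile contains ..." rewording was applied. Add the sentence here as well.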

7 changes: 4 additions & 3 deletions products/rhel10/profiles/ospp.profile
Expand Up @@ -11,10 +11,11 @@ reference: https://www.niap-ccevs.org/Profile/Info.cfm?PPID=469&id=469
title: 'DRAFT - Protection Profile for General Purpose Operating Systems'

description: |-
This profile is part of Red Hat Enterprise Linux 9 Common Criteria Guidance
This is draft profile is not based on the Red Hat Enterprise Linux 10 riteria Guidance
Collaborator

This draft profile is not based on the Red Hat Enterprise Linux 10 Common Criteria Guidance

Collaborator

The description doesn't make sense, please reword.

documentation for Target of Evaluation based on Protection Profile for
General Purpose Operating Systems (OSPP) version 4.3 and Functional
Package for SSH version 1.0.
General Purpose Operating Systems was it not available not the time of
Collaborator

because it was not available at the time of the release.

release.


Where appropriate, CNSSI 1253 or DoD-specific values are used for
configuration, based on Configuration Annex to the OSPP.
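
Review bot: the added description lines do not form a sentence ("This is draft profile is not based on ... riteria Guidance", "was it not available not the time of release"), and by removing "(OSPP) version 4.3 and Functional Package for SSH version 1.0" the text no longer says which OSPP version the rules track, while the `reference:` URL in the hunk header still points at a specific protection profile. State plainly what the draft is derived from, fix "riteria" to "Criteria", and add the "This is a draft profile for experimental purposes." sentence used in the other profiles of this PR.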
6 changes: 4 additions & 2 deletions products/rhel10/profiles/pci-dss.profile
Expand Up @@ -9,15 +9,17 @@ metadata:

reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf

title: 'PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 10'
title: 'DRAFT - PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 10'

description: |-
This is a draft profile for experimental purposes.

Payment Card Industry - Data Security Standard (PCI-DSS) is a set of
security standards designed to ensure the secure handling of payment card
data, with the goal of preventing data breaches and protecting sensitive
financial information.

This profile ensures Red Hat Enterprise Linux 10 is configured in alignment
This draft profile ensures Red Hat Enterprise Linux 10 is configured in alignment
with PCI-DSS v4.0 requirements.

selections:
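
Review bot: the draft state is carried only by free text, the 'DRAFT - ' title prefix and the two description sentences; the file name, and with it the profile id that scanners are pointed at, is unchanged. Automation that selects pci-dss by id will apply a draft baseline without ever displaying the title. If the build system has a machine-readable way to mark a profile as draft, set it in this PR too; otherwise call the draft status out in the release notes.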