DISA_STIG_Red_Hat_Enterprise_Linux_7_v3r15.audit from DISA Red Hat Enterprise Linux 7 v3r15 STIG

RHEL-07-010010 - The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.

800-53|AC-3(4)

800-53|AC-6(10)

800-53|AU-9

800-53|AU-9(3)

CAT|I

CCI|CCI-001494

CCI|CCI-001496

CCI|CCI-002165

CCI|CCI-002235

Rule-ID|SV-204392r991558_rule

STIG-ID|RHEL-07-010010

STIG-Legacy|SV-86473

STIG-Legacy|V-71849

Vuln-ID|V-204392

RHEL-07-010019 - The Red Hat Enterprise Linux operating system must ensure cryptographic verification of vendor software packages.

800-53|CM-5(3)

CAT|II

CCI|CCI-001749

Rule-ID|SV-256968r982212_rule

STIG-ID|RHEL-07-010019

Vuln-ID|V-256968

RHEL-07-010020 - The Red Hat Enterprise Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values.

Rule-ID|SV-214799r991589_rule

STIG-ID|RHEL-07-010020

STIG-Legacy|SV-86479

STIG-Legacy|V-71855

Vuln-ID|V-214799

RHEL-07-010030 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

800-53|AC-8a.

CCI|CCI-000048

Rule-ID|SV-204393r958390_rule

STIG-ID|RHEL-07-010030

STIG-Legacy|SV-86483

STIG-Legacy|V-71859

Vuln-ID|V-204393

RHEL-07-010040 - The Red Hat Enterprise Linux operating system must display the approved Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-204394r958390_rule

STIG-ID|RHEL-07-010040

STIG-Legacy|SV-86485

STIG-Legacy|V-71861

Vuln-ID|V-204394

RHEL-07-010050 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.

Rule-ID|SV-204395r958390_rule

STIG-ID|RHEL-07-010050

STIG-Legacy|SV-86487

STIG-Legacy|V-71863

Vuln-ID|V-204395

RHEL-07-010060 - The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.

800-53|AC-11b.

CCI|CCI-000056

Rule-ID|SV-204396r958400_rule

STIG-ID|RHEL-07-010060

STIG-Legacy|SV-86515

STIG-Legacy|V-71891

Vuln-ID|V-204396

RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.

800-53|IA-2(11)

800-53|IA-2(12)

CCI|CCI-001948

CCI|CCI-001953

CCI|CCI-001954

Rule-ID|SV-204397r982216_rule

STIG-ID|RHEL-07-010061

STIG-Legacy|SV-92515

STIG-Legacy|V-77819

Vuln-ID|V-204397

RHEL-07-010062 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.

800-53|AC-11a.

CCI|CCI-000057

Rule-ID|SV-214937r958402_rule

STIG-ID|RHEL-07-010062

STIG-Legacy|SV-93701

STIG-Legacy|V-78995

Vuln-ID|V-214937

RHEL-07-010063 - The Red Hat Enterprise Linux operating system must disable the login screen user list for graphical user interfaces.

800-53|CM-6b.

CCI|CCI-000366

Rule-ID|SV-256969r991589_rule

STIG-ID|RHEL-07-010063

Vuln-ID|V-256969

RHEL-07-010070 - The Red Hat Enterprise Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.

Rule-ID|SV-204398r958402_rule

STIG-ID|RHEL-07-010070

STIG-Legacy|SV-86517

STIG-Legacy|V-71893

Vuln-ID|V-204398

RHEL-07-010081 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.

Rule-ID|SV-204399r958402_rule

STIG-ID|RHEL-07-010081

STIG-Legacy|SV-87807

STIG-Legacy|V-73155

Vuln-ID|V-204399

RHEL-07-010082 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the session idle-delay setting for the graphical user interface.

Rule-ID|SV-204400r958402_rule

STIG-ID|RHEL-07-010082

STIG-Legacy|SV-87809

STIG-Legacy|V-73157

Vuln-ID|V-204400

RHEL-07-010090 - The Red Hat Enterprise Linux operating system must have the screen package installed.

Rule-ID|SV-255926r958402_rule

STIG-ID|RHEL-07-010090

Vuln-ID|V-255926

RHEL-07-010100 - The Red Hat Enterprise Linux operating system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.

Rule-ID|SV-204402r958402_rule

STIG-ID|RHEL-07-010100

STIG-Legacy|SV-86523

STIG-Legacy|V-71899

Vuln-ID|V-204402

RHEL-07-010101 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.

Rule-ID|SV-204403r958402_rule

STIG-ID|RHEL-07-010101

STIG-Legacy|SV-93703

STIG-Legacy|V-78997

Vuln-ID|V-204403

RHEL-07-010110 - The Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.

Rule-ID|SV-204404r958402_rule

STIG-ID|RHEL-07-010110

STIG-Legacy|SV-86525

STIG-Legacy|V-71901

Vuln-ID|V-204404

RHEL-07-010118 - The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

800-53|IA-5(1)(a)

CCI|CCI-000192

Rule-ID|SV-204405r982195_rule

STIG-ID|RHEL-07-010118

STIG-Legacy|SV-95715

STIG-Legacy|V-81003

Vuln-ID|V-204405

RHEL-07-010119 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

Rule-ID|SV-204406r982195_rule

STIG-ID|RHEL-07-010119

STIG-Legacy|SV-87811

STIG-Legacy|V-73159

Vuln-ID|V-204406

RHEL-07-010120 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.

Rule-ID|SV-204407r982195_rule

STIG-ID|RHEL-07-010120

STIG-Legacy|SV-86527

STIG-Legacy|V-71903

Vuln-ID|V-204407

RHEL-07-010130 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one lower-case character.

CCI|CCI-000193

Rule-ID|SV-204408r982196_rule

STIG-ID|RHEL-07-010130

STIG-Legacy|SV-86529

STIG-Legacy|V-71905

Vuln-ID|V-204408

RHEL-07-010140 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are assigned, the new password must contain at least one numeric character.

CCI|CCI-000194

Rule-ID|SV-204409r982197_rule

STIG-ID|RHEL-07-010140

STIG-Legacy|SV-86531

STIG-Legacy|V-71907

Vuln-ID|V-204409

RHEL-07-010150 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one special character.

CCI|CCI-001619

Rule-ID|SV-204410r991561_rule

STIG-ID|RHEL-07-010150

STIG-Legacy|SV-86533

STIG-Legacy|V-71909

Vuln-ID|V-204410

RHEL-07-010160 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.

800-53|IA-5(1)(b)

CCI|CCI-000195

Rule-ID|SV-204411r982198_rule

STIG-ID|RHEL-07-010160

STIG-Legacy|SV-86535

STIG-Legacy|V-71911

Vuln-ID|V-204411

RHEL-07-010170 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.

Rule-ID|SV-204412r982198_rule

STIG-ID|RHEL-07-010170

STIG-Legacy|SV-86537

STIG-Legacy|V-71913

Vuln-ID|V-204412

RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.

Rule-ID|SV-204413r982198_rule

STIG-ID|RHEL-07-010180

STIG-Legacy|SV-86539

STIG-Legacy|V-71915

Vuln-ID|V-204413

RHEL-07-010190 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.

Rule-ID|SV-204414r982198_rule

STIG-ID|RHEL-07-010190

STIG-Legacy|SV-86541

STIG-Legacy|V-71917

Vuln-ID|V-204414

RHEL-07-010199 - The Red Hat Enterprise Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility.

800-53|IA-5(1)(c)

CCI|CCI-000196

Rule-ID|SV-255928r982199_rule

STIG-ID|RHEL-07-010199

Vuln-ID|V-255928

RHEL-07-010200 - The Red Hat Enterprise Linux operating system must be configured so that the PAM system service is configured to store only encrypted representations of passwords.

Rule-ID|SV-204415r982199_rule

STIG-ID|RHEL-07-010200

STIG-Legacy|SV-86543

STIG-Legacy|V-71919

Vuln-ID|V-204415

Detections

Analytics

DISA Red Hat Enterprise Linux 7 STIG v3r15

Audit Details

File Details

Audit Changelog

Revision 1.1

Functional Update