Mar 1, 2021 Functional Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Miscellaneous- Metadata updated.
- References updated.
|
Nov 16, 2020 Functional Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Oct 5, 2020 Functional Update- 1.100 - The system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.
- 1.101 - The system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.
- 1.110 - The system must initiate a session lock for graphical user interfaces when the screensaver is activated.
- 1.3.0 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.
- 1.4.0 - The system must display the approved Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.
- 1.440 - The system must not allow an unattended or automatic logon to the system via a graphical user interface.
- 1.450 - The system must not allow an unrestricted logon to the system.
- 1.480 - systems prior to version 7.2 with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - password
- 1.480 - systems prior to version 7.2 with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - superusers
- 1.482 - systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - password
- 1.482 - systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - superusers
- 1.490 - systems prior to version 7.2 using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - password
- 1.490 - systems prior to version 7.2 using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - superusers
- 1.491 - systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - password
- 1.491 - systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - superusers
- 1.6.0 - The system must enable a user session lock until that user re-establishes access using established ID and auth procedures.
- 1.6.0 - The system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.
- 1.6.1 - The operating system must uniquely identify and authenticate users using multifactor authentication via graphical logon.
- 1.6.1 - The system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.
- 1.6.2 - The system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
- 1.7 - The operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.
- 1.7 - The system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.
- 1.8.1 - The system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.
- 1.8.2 - The system must prevent a user from overriding the session idle-delay setting for the graphical user interface.
- 1.9.0 - The system must have the screen package installed.
- 2.030 - A file integrity tool must verify the baseline operating system configuration at least weekly - cron
- 2.040 - Designated personnel must be notified if baseline configurations are changed in an unauthorized manner.
- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
- 2.1350 - The system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards - grub
- 2.1350 - The system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards - proc
- 2.230 - The x86 Ctrl-Alt-Delete key sequence must be disabled - GUI
- 3.2000 - The system must use a virus scan program.
- 3.360 - The system must audit all executions of privileged functions - setgid 64 bit
- 3.360 - The system must audit all executions of privileged functions - setuid 64 bit
- 3.370 - The system must audit all uses of the chown syscall - 64 bit
- 3.380 - The system must audit all uses of the fchown syscall - 64 bit
- 3.390 - The system must audit all uses of the lchown syscall - 64 bit
- 3.400 - The system must audit all uses of the fchownat syscall - 64 bit
- 3.410 - The system must audit all uses of the chmod syscall - 64 bit
- 3.420 - The system must audit all uses of the fchmod syscall - 64 bit
- 3.430 - The system must audit all uses of the fchmodat syscall - 64 bit
- 3.440 - The system must audit all uses of the setxattr syscall - 64 bit
- 3.450 - The system must audit all uses of the fsetxattr syscall - 64 bit
- 3.460 - The system must audit all uses of the lsetxattr syscall - 64 bit
- 3.470 - The system must audit all uses of the removexattr syscall - 64 bit
- 3.480 - The system must audit all uses of the fremovexattr syscall - 64 bit
- 3.490 - The system must audit all uses of the lremovexattr syscall - 64 bit
- 3.500 - The system must audit all uses of the creat syscall - EACCES 64 bit
- 3.500 - The system must audit all uses of the creat syscall - EPERM 64 bit
- 3.510 - The system must audit all uses of the open syscall - EACCES 64 bit
- 3.510 - The system must audit all uses of the open syscall - EPERM 64 bit
- 3.520 - The system must audit all uses of the openat syscall - EACCES 64 bit
- 3.520 - The system must audit all uses of the openat syscall - EPERM 64 bit
- 3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 64 bit
- 3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 64 bit
- 3.540 - The system must audit all uses of the truncate syscall - EACCES 64 bit
- 3.540 - The system must audit all uses of the truncate syscall - EPERM 64 bit
- 3.550 - The system must audit all uses of the ftruncate syscall - EACCES 64 bit
- 3.550 - The system must audit all uses of the ftruncate syscall - EPERM 64 bit
- 3.740 - The system must audit all uses of the mount command and syscall - 64 bit
- 3.819 - The system must audit all uses of the create_module syscall - 64 bit
- 3.820 - The system must audit all uses of the init_module syscall - 64 bit
- 3.821 - The system must audit all uses of the finit_module syscall - 64 bit
- 3.830 - The system must audit all uses of the delete_module syscall - 64 bit
- 3.880 - The system must audit all uses of the rename syscall - 64 bit
- 3.890 - The system must audit all uses of the renameat syscall - 64 bit
- 3.900 - The system must audit all uses of the rmdir syscall - 64 bit
- 3.910 - The system must audit all uses of the unlink syscall - 64 bit
- 3.920 - The system must audit all uses of the unlinkat syscall - 64 bit
- 4.1010 - Wireless network adapters must be disabled.
- 4.180 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.
- 4.180- The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.
- 4.190 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications.
- 4.200 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - config
- 4.200 - The system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - file
- 4.500 - The system must synchronize clocks with a server that is synchronized to one of the redundant time servers.
- 4.600 - For systems using DNS resolution, at least two name servers must be configured - nameserver 1
- 4.600 - For systems using DNS resolution, at least two name servers must be configured - nameserver 2
- 4.600 - For systems using DNS resolution, at least two name servers must be configured - no dns
- 4.680 - The system must be configured to prevent unrestricted mail relaying.
- 4.720 - If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured for secure mode.
- 4.810 - The system access control program must be configured to grant or deny access to specific hosts and services - firewalld
- 4.810 - The system access control program must be configured to grant or deny system access to specific hosts and services.
- 4.820 - The system must not have unauthorized IP tunnels configured.
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Miscellaneous- Platform check updated.
- References updated.
|
Sep 30, 2020 Functional Update- 2.1040 - The umask must be set to 077 for all local interactive user accounts.
- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
|
Sep 29, 2020 Functional Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
|
Jul 14, 2020 Functional Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Miscellaneous- Metadata updated.
- References updated.
|
Apr 22, 2020 Functional Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
Miscellaneous- Metadata updated.
- References updated.
|
Jul 30, 2019 Functional Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
- 2.900 - All system device files must be correctly labeled to prevent unauthorized modification - device_t
- 2.900 - All system device files must be correctly labeled to prevent unauthorized modification - unlabeled_t
Informational Update- 2.1350 - The system must implement NIST FIPS-validated cryptography - fips
- 2.900 - All system device files must be correctly labeled to prevent unauthorized modification - device_t
- 2.900 - All system device files must be correctly labeled to prevent unauthorized modification - unlabeled_t
|
