National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

The United States Government Configuration Baseline (USGCB) - Red Hat Content

Warning Notice

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on Red Hat Enterprise Linux Desktop (v. 5 for 32-bit x86) and Red Hat Enterprise Linux Desktop (v. 5 for 64-bit x86_64). These settings may be applicable to other Red Hat systems; however NIST has not tested other Red Hat based systems with these settings. Please see the National Checklist Program (NCP) website for configuration guides related to other Red Hat based systems.

The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Furthermore, these recommendations do not address site-specific configuration issues. Care must be taken when implementing these settings to address local operational and policy concerns.

These recommendations were developed at the National Institute of Standards and Technology, which collaborated with DoD and Red Hat to produce the Red Hat Enterprise Linux Desktop 5 USGCB candidate. Pursuant to title 17 Section 105 of the United States Code, these recommendations are not subject to copyright protection and are in the public domain. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.


Bulk Download Packages

The following table provides the aggregate downloads of the USGCB content for Red Hat Enterprise Linux 5 Desktop.

Documentation Configuration Support SCAP Content CCE to 800-53 Mappings
  • USGCB 1.0.5.0 Settings - 2011-09-30
    sha1
    200DC974EB4C9770118142E1FCE3A09AE1B2A22F
    sha256
    7E8CF3A3D8AB01069D2BB3AF7480309F44EE438CC9A3E359CAD9794E46282C83
  • USGCB 1.0.5.0 Known Issues - 2011-09-30
    sha1
    0C9E22370AF309E7DB0F4D9BF40532F6E64024C1
    sha256
    8287116770A5544A7F5AB84AD9145BDD632BCD037660FC4629E3C6CB8D548792
  • USGCB 1.0.5.0 SCAP 1.1 Content
    Please refer to the RHEL 5 Desktop Content Page for the latest USGCB SCAP Content and associated hash values.
  • Please refer to the individual product content pages for the Machine-readable CCE to 800-53 Mappings.

Update History
Date Documentation Configuration Support SCAP Content CCE to 800-53 Mappings
November 08, 2011 No changes No changes 1.0.5.0 USGCB OVAL 5.8 content posted. No changes
September 30, 2011 1.0.5.0 Settings and Known Issues released 1.0.5.0 Kickstart configuration released 1.0.5.0 USGCB OVAL 5.8 content released No changes
July 26, 2011 No changes Beta-Candidate Puppet Modules updated No changes No changes
March 31, 2011 No changes Beta-Candidate Kickstart configuration released No changes No changes
March 29, 2011 Beta-Candidate Settings and Known Issues released Beta-Candidate Puppet Modules released Beta-Candidate USGCB OVAL 5.8 content released No changes
February 28, 2011 Alpha-Candidate Settings and Known Issues released Alpha-Candidate Kickstart configuration and Puppet Modules released Alpha-Candidate USGCB OVAL 5.4 content released. Future releases will use OVAL 5.8 constructs. Patch content is produced and hosted by Red Hat. No changes