U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Red Hat 6 STIG Version 2, Release 2 Checklist Details (Checklist Revisions)

Checklist Highlights

Checklist Name:
Red Hat 6 STIG
Checklist ID:
Version 2, Release 2
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The Red Hat Enterprise Linux 6 (RHEL6) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from Federal and DoD consensus, based upon the Operating System Security Requirements Guide (OS SRG). SRGs are collections of requirements applicable to a given technology area. SRGs represent an intermediate step between Control Correlation Identifiers (CCIs) and STIGs. CCIs represent discrete, measurable, and actionable items sourced from Information Assurance (IA) controls defined in policy, such as those originating in Department of Defense (DoD) Instruction (DoDI) 8500.2 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. STIGs provide product-specific information for validating and attaining compliance with requirements defined in the SRG for the product's technology area. The OS SRG contains general requirements for operating systems. This SRG may be used as a guide for enhancing the security configuration of any operating system. The consensus content was developed using an open-source project called SCAP Security Guide. The project's website is https://fedorahosted.org/scap-security-guide/. Except for differences in formatting to accommodate the DISA STIG publishing process, the content of the RHEL6 STIG mirrors the SCAP Security Guide content. The vulnerabilities discussed in this document are applicable to RHEL6 Desktop and Server editions. This document is meant for use in conjunction with the Enclave, Network Infrastructure, Secure Remote Computing, and appropriate application STIGs.

Checklist Role:

  • Operating System

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls in a DoD environment. This RHEL6 STIG Overview document introduces security concepts and terminology used in the OS SRG. This document is not a guide to RHEL6 system administration.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1


Not provided.


Not provided.

Product Support:

Not supported.

Point of Contact:

Comments or proposed revisions to this document should be sent via e-mail to disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA FSO maintenance release schedule.


Department of Defense (DoD).


Not provided.

Change History:

Version 1, Release 8 - 07 August 2015
Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 4 - 25 July 2014 (SCAP 1.1 & XCCDF)
Version 1, Release 3 - 18 June 2014 (SCAP 1.1)
Version 1, Release 3 - 19 May 2014
Version 1, Release 2 - 4 June 2013
Version 1, Release 1 - 29 May 2013
Version 1, Release 5 - 2 November 2014
Changed Status to "Final" - 14 January 2015
Version 1, Release 6 - 27 January 2015
Version 1, Release 6 Benchmark - 27 January 2015
Changed status from "under review" to "final" - 11 September 2015
Version 1, Release 9 - 29 October 2015
Changed status from "Under Review" to "Final" - 17 December 2015
5/2/2016 - Version 1, Release 11
moved to FINAL - 6/7/2016
updated to - v1, r12 - 07/22/2016
Updated to FINAL - 09/12/2016
updated to v1, r13 - 10/28/2016
updated to FINAL - 12/07/2016
Updated to Ver 1, Rel 14 - 01/27/2017
Updated to FINAL - 03/13/2017
updated to FINAL - 4/11/2017
Updated to Version 1, Release 15 - 04/28/2017
Updated to FINAL - 05/30/2017
Updated URL to reflect change to the DISA website - http --> https
Updated - 11/01/2017
Updated to FINAL - 12/02/2017
corrected resource title - 1/24/2018
Updated to Version 1, Release 18 - 02/16/2018
Updated to FINAL - 3/18/2018
updated to v1,r19 - 4/25/18
Updated to FINAL - 5/25/18
updated benchmark - 7/24/18
Updated to FINAL - 8/24/18
Updated to Version 1, Release 20- 10/25/18
Updated to FINAL - 11/26/18
Updated to Version 1, Release 21 - 1/23/19
Updated to FINAL - 2/19/19
updated to Version 1, Release 22 - 4/30/19
Updated URLs - 6/13/19
Updated URLs - 8/12/2019
updated URLs - 11/1/19
updated URLs per DISA - 1/21/2020
updated benchmark - 4/24/2020
Updated URLs - 8/4/2020
updated URLs - 10/27/2020
sunset per DISA - 1/27/2021
added SCC links per DISA guidance - 4/20/2021
Updated resources per DISA - 5/25/21
Updated SCC per DISA - 9/16/21
Updated SCC per DISA - 6/15/22
SCC - 10/23/22


URL Description


Reference URL Description

NIST checklist record last modified on 10/28/2022