Checklist Summary:

The Red Hat Enterprise Linux 6 (RHEL6) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from Federal and DoD consensus, based upon the Operating System Security Requirements Guide (OS SRG). SRGs are collections of requirements applicable to a given technology area. SRGs represent an intermediate step between Control Correlation Identifiers (CCIs) and STIGs. CCIs represent discrete, measurable, and actionable items sourced from Information Assurance (IA) controls defined in policy, such as those originating in Department of Defense (DoD) Instruction (DoDI) 8500.2 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. STIGs provide product-specific information for validating and attaining compliance with requirements defined in the SRG for the product's technology area. The OS SRG contains general requirements for operating systems. This SRG may be used as a guide for enhancing the security configuration of any operating system. The consensus content was developed using an open-source project called SCAP Security Guide. The project's website is https://fedorahosted.org/scap-security-guide/. Except for differences in formatting to accommodate the DISA STIG publishing process, the content of the RHEL6 STIG mirrors the SCAP Security Guide content. The vulnerabilities discussed in this document are applicable to RHEL6 Desktop and Server editions. This document is meant for use in conjunction with the Enclave, Network Infrastructure, Secure Remote Computing, and appropriate application STIGs.

Checklist Role:

• Operating System

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls in a DoD environment. This RHEL6 STIG Overview document introduces security concepts and terminology used in the OS SRG. This document is not a guide to RHEL6 system administration.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not supported.

Point of Contact:

Comments or proposed revisions to this document should be sent via e-mail to disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA FSO maintenance release schedule.

Sponsor:

Department of Defense (DoD).

Licensing:

Not provided.

Change History:

Version 1, Release 8 - 07 August 2015
Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 4 - 25 July 2014 (SCAP 1.1 & XCCDF)
Version 1, Release 3 - 18 June 2014 (SCAP 1.1)
Version 1, Release 3 - 19 May 2014
Version 1, Release 2 - 4 June 2013
Version 1, Release 1 - 29 May 2013
Version 1, Release 5 - 2 November 2014
Changed Status to "Final" - 14 January 2015
Version 1, Release 6 - 27 January 2015
Version 1, Release 6 Benchmark - 27 January 2015
Changed status from "under review" to "final" - 11 September 2015

Dependency/Requirements:

URL	Description
http://iase.disa.mil/stigs/Documents/u_redhat_6_stig_release_memo.pdf	Red Hat 6 STIG - Release Memo

References:

Reference URL	Description

NIST checklist record last modified on 09/11/2015