Bug 1284048

Summary: Request for port of existing (CNSSI) No. 1253 (nist-CL-IL-AL) profile from RHEL-6 to RHEL-7
Product: Red Hat Enterprise Linux 7 Reporter: Andrew Shewmaker <shewa>
Component: scap-security-guideAssignee: Jan Lieskovsky <jlieskov>
Status: CLOSED ERRATA QA Contact: Marek Haicman <mhaicman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: ksrot, mhaicman, mpreisle, openscap-maint
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.30-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 07:32:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Shewmaker 2015-11-20 16:17:49 UTC 
Description of problem:

The current version of the SCAP Security Guide does not include the CNSS No. 1253 Profile. Upstream does have the profile available for RHEL 6, but not 7. This bug is intended to confirm customer interest (at least Los Alamos National Laboratory) in this feature.

https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/6/input/profiles/nist-CL-IL-AL.xml

Upstream tracking of this issue is at

https://github.com/OpenSCAP/scap-security-guide/issues/858
Comment 3 Jan Lieskovsky 2016-05-10 14:49:00 UTC 
Proposed upstream patch:
  https://github.com/OpenSCAP/scap-security-guide/pull/1239
Comment 7 Marek Haicman 2016-06-30 10:26:49 UTC 
List of profiles in version scap-security-guide-0.1.30-1.el7

C2S for Red Hat Enterprise Linux 7                                              
CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 7          
Common Profile for General-Purpose Systems                                      
Criminal Justice Information Services (CJIS) Security Policy                    
Documentation to Support C2S/CIS  Mapping                                       
Documentation to Support DISA OS SRG Mapping                                    
Introduction                                                                    
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7                      
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)                
Remediation functions used by the SCAP Security Guide Project                   
Services                                                                        
Standard System Security Profile                                                
STIG for Red Hat Enterprise Linux 7 Server                                      
STIG for Red Hat Enterprise Linux 7 Server Running GUIs                         
STIG for Red Hat Enterprise Linux 7 Workstation                                 
System Settings                                                                 
United States Government Configuration Baseline (USGCB / STIG) 



Profile CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 7 contains sane rules.
Comment 9 errata-xmlrpc 2016-11-04 07:32:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2483.html