1. Proposed title of this feature request
[RFE] Provide C2S profile in OpenScap
3. What is the nature and description of the request?
Customers require the C2S security profile to set up their systems based on this security catalog.
4. Why does the customer need this? (List the business requirements here)
It's a security-based requirement. Systems without this criteria are not able to be used in production.
5. How would the customer like to achieve this? (List the functional requirements here)
RHEL-8 systems should be able to use the C2S security profile during installation.
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Select C2S profile during installation
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
9. Is the sales team involved in this request and do they have any additional input?
10. List any affected packages or components.
11. Would the customer be able to assist in testing this functionality if implemented?
Hello Steffen, you are asking here for the C2S profile, that is, the U.S. Government Commercial Cloud Services (C2S) baseline inspired by the Center for Internet Security (CIS) baseline (there are some deliberate differences). Is that really what you are asking for? Or is it CIS you seek?
After double-checking with the requestors, we have realized that what is needed here is the CIS profile, not C2S. (C2S is a profile inspired by CIS but is not identical. It is also currently the only CIS alternative shipped with RHEL7, until Bug 1821633 gets fixed - that was the cause of the confusion.)
Changing topic of this BZ to CIS, to clear things up.
Steffen, just to make very clear what will be sufficient for the customers - they are interested in the hardening during installation. We have been getting a lot of requests for Ansible coverage lately. As the installation hardening and Ansible hardening are two different pieces of code, so to say, can you check if customers have any expectations about Ansible? Thanks!
For my customers, the hardening happens during installation already. There is no need for Ansible for them. The priority is on availability of the CIS profile during installation.
For some US federal government users, the lack of the CIS/C2S profile on installation is hindering adoption of RHEL8. It would be great to see some movement on addressing this bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
*** Bug 1888722 has been marked as a duplicate of this bug. ***