Oracle has released the Oracle Linux STIG image for Oracle Cloud Infrastructure (OCI). This image is an Oracle Linux 7 implementation of the Security Technical Implementation Guide (STIG) for OCI. With this image, you can easily create an Oracle Linux instance in OCI that you can configure to match certain security standards and requirements set by the Defense Information Systems Agency (DISA) of the U.S. Department of Defense (DoD).
The Oracle Linux STIG image is scanned against the target DISA STIG Security Content Automation Protocol (SCAP) Benchmark profile. Not all elements of the Oracle Linux 7 STIG are implemented in the image, due to requirements specific to the user environment. The resulting SCAP Compliance Checker (SCC) score is published in the documentation.
The Oracle Linux STIG image is available on the Oracle Cloud Marketplace and from the embedded Marketplace or Oracle images catalog in the OCI Console. It’s available for deployment in commercial and U.S. government OCI regions.
Learn more about the Oracle Linux STIG image by visiting the Marketplace listing. For further details on how to deploy the image in OCI, STIG remediation configurations and considerations, and compliance check scanning, refer to the Oracle Linux 7 STIG image deployment and user guide.
You can start by signing up for an OCI account and test driving the Oracle Linux STIG image by deploying it on Oracle Cloud Free Tier or OCI subscription resources. With an Oracle Cloud Infrastructure subscription, you receive enterprise-level Oracle Linux Premier Support at no extra cost.
For more information, refer to the following resources: