The Oracle Linux 9 Security Technical Implementation Guide (STIG) was recently released by the Defense Information Systems Agency (DISA) and is now available for download at the Department of Defense (DoD) Cyber Exchange. It can be found by searching the STIGs Document Library on the DoD Cyber Exchange for “Oracle Linux 9 STIG”. This STIG provides guidance for configuring Oracle Linux 9 systems to meet the cybersecurity requirements for deployment within the DoD’s IT network systems. By focusing on infrastructure and system security, STIGs play a fundamental role in helping mitigate vulnerabilities and protect networks against cybersecurity threats.
Oracle has implemented an automated profile in Security Content Automation Protocol (SCAP) format, aligned to the Oracle Linux 9 DISA STIG, and included it in the latest release of the SCAP Security Guide (SSG) package (scap-security-guide) for Oracle Linux 9. This package, distributed with Oracle Linux, provides release-specific SCAP content, including the ssg-ol9-ds.xml SCAP datastream file, which contains the Oracle Linux 9 DISA STIG profile.
Evaluate and remediate STIG compliance with OpenSCAP
OpenSCAP (OSCAP), an open source utility available in Oracle Linux and certified by the National Institute of Standards and Technology (NIST), can be used together with the SSG package to evaluate systems against the Oracle Linux 9 DISA STIG. This evaluation not only identifies non-compliant configurations but also provides recommendations. If the SCAP profile includes remediation content, the oscap tool has an option to apply the remediation automatically on a system. To learn more about using OpenSCAP to inspect and remediate Oracle Linux 9 systems, refer to Oracle Linux 9: Using OpenSCAP for Security Compliance.
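The evaluation described above can be wrapped so that a scan with findings is not mistaken for a tool failure. This is an added example, not Oracle's or DISA's script. The datastream directory, the profile id, the output directory and the function names are assumptions; confirm the first two with `oscap info` on the installed ssg-ol9-ds.xml.

```bash
#!/bin/bash
# Added example. Assumed (not stated on the page): the datastream directory
# and the profile id below; confirm both with `oscap info "$DS"`.
DS="${DS:-/usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml}"
PROFILE="${PROFILE:-xccdf_org.ssgproject.content_profile_stig}"
OUT="${OUT:-./stig-scan}"

# Map oscap's exit status to a verdict. Status 2 means the scan completed and
# at least one rule failed or was unknown: a finding, not a tool error.
scan_verdict() {
    case "$1" in
        0) echo compliant ;;
        2) echo noncompliant ;;
        *) echo error ;;
    esac
}

# Evaluate only; nothing on the host is changed. Prints the verdict and
# returns 0 (compliant), 2 (noncompliant) or 1 (tool error).
stig_scan() {
    mkdir -p "$OUT" || return 1
    scan_rc=0
    oscap xccdf eval --profile "$PROFILE" \
        --results "$OUT/results.xml" --report "$OUT/report.html" \
        "$DS" >"$OUT/scan.log" 2>&1 || scan_rc=$?
    scan_result=$(scan_verdict "$scan_rc")
    echo "$scan_result"
    case "$scan_result" in
        compliant) return 0 ;;
        noncompliant) return 2 ;;
        *) return 1 ;;
    esac
}

# Write the profile's bash remediation to a file for review, instead of
# applying it in place with `oscap xccdf eval --remediate`.
stig_fix_script() {
    oscap xccdf generate fix --fix-type bash --profile "$PROFILE" \
        --output "$OUT/remediate.sh" "$DS"
}

# Run as root: ./stig-scan.sh --run
if [ "${1:-}" = "--run" ]; then
    rc=0
    stig_scan || rc=$?
    if [ "$rc" -eq 2 ]; then stig_fix_script; fi
    exit "$rc"
fi
```

The HTML report and results.xml in the output directory are the evidence of the scan; the generated remediate.sh should be reviewed and tested before it is run on a production host.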
