Enhance security with new Oracle Linux 8 STIG image in Oracle Cloud Marketplace

March 8, 2024 | 2 minute read
Julie Wong
Product Management Director
This is a syndicated post, view the original post
Text Size 100%:

A new Oracle Linux 8 Security Technical Implementation Guide (STIG) image is now available for launching Oracle Linux 8 enhanced security profile instances in Oracle Cloud Infrastructure (OCI). This image provides a hardened version of the standard Oracle Linux image and is based on an implementation for Oracle Linux 8 STIG Version 1, Release 8. With this image, you can easily and quickly launch Oracle Linux instances in OCI that you can configure to match certain security standards and requirements set by the Defense Information Systems Agency (DISA) of the US Department of Defense.

A new STIG image for Oracle Linux 8

You can access compliance using Security Content Automation Protocol (SCAP) compliance checker tools, such as SCAP Compliance Checker (SCC) or OpenSCAP. Two DISA STIG Viewer checklist files are provided with the image, which are based on scan results from the SCAP Compliance Checker (SCC) and OpenSCAP. The checklist for the DISA STIG benchmark uses the SCC scan results, while the checklist for the SCAP Security Guide (SSG) STIG profile uses the OpenSCAP scan results. You can find the default STIG rules implemented in the image and the resulting Checklist Compliance Checker scores in the documentation. Specific user environment requirements might need extra manual remediation.

The Oracle Linux STIG image is available for x86_64 (AMD, Intel) and aarch64 (Ampere) shapes in OCI. You can easily launch it from the Oracle Cloud Marketplace or the embedded Marketplace in the Oracle Cloud Console, and you can deploy the image on commercial and US Government OCI regions.

After the Oracle Linux STIG instance is launched in OCI, any changes that you make to an Oracle Linux STIG Image instance, such as installing other applications or modifying the configuration settings, could impact the compliance score. So, we recommend that you rescan the instance using the SCAP Compliance Checker (SCC) or OpenSCAP automated compliance assessment tools to check for compliance. For details on launching a target STIG-compliant image, remediation configurations and considerations, and compliance check scanning, refer to the documentation.

Getting started is easy

To get started, sign up for an OCI account. You can test drive the Oracle Linux 8 STIG image by deploying it on Oracle Cloud Free Tier or compatible OCI Compute subscription resources. Oracle Cloud Infrastructure subscriptions include the benefit of Oracle Linux Support at no extra cost.

For more information, refer to the following resources:

Julie Wong

Product Management Director