STIG customer responsibilities
The following STIG items are the customer's responsibility to implement according to their requirements and environment.
V-230482, V-230481, and V-230479
- Finding ID
- For more information, see V-230482, V-230481, and V-230479.
- Version
- RHEL-08-030720 & RHEL-08-030710 & RHEL-08-030690
- Rule ID
-
xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode
xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode
xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost
- Title
-
Ensure Rsyslog authenticates off-loaded audit records
Ensure Rsyslog encrypts off-loaded audit records
Ensure logs sent to remote host
- Justification
- The method for configuring the alternative (syslog-ng) is documented. The customer must choose a destination and obtain certificates and so forth.
V-230274, V-230355, and V-230372
- Finding ID
- For more information, see V-230274, V-230355, and V-230372.
- Version
- RHEL-08-010400 & RHEL-08-020090 & RHEL-08-020250
- Rule ID
-
xccdf_org.ssgproject.content_rule_sssd_certificate_verification
xccdf_org.ssgproject.content_rule_sssd_enable_certmap
xccdf_org.ssgproject.content_rule_sssd_enable_smartcards
- Title
-
Certificate status checking in SSSD
Enable Certmap in SSSD
Enable Smartcards in SSSD
- Justification
- QRadar includes all the software packages required for smartcard authentication but this must be configured on-site
V-230484
- Finding ID
- For more information, see V-230484.
- Version
- RHEL-08-030740
- Rule ID
- xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server
- Title
- A remote time server for Chrony is configured
- Justification
- The customer must choose an appropriate time server for their environment at install time