STIG customer responsibilities

The following STIG items are the customer's responsibility to implement according to their requirements and environment.

V-230482, V-230481, and V-230479

Finding ID
For more information, see V-230482, V-230481, and V-230479.
Version
RHEL-08-030720 & RHEL-08-030710 & RHEL-08-030690
Rule ID

xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode

xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode

xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost

Title

Ensure Rsyslog authenticates off-loaded audit records

Ensure Rsyslog encrypts off-loaded audit records

Ensure logs sent to remote host

Justification
The method for configuring the alternative (syslog-ng) is documented. The customer must choose a destination and obtain certificates and so forth.

V-230274, V-230355, and V-230372

Finding ID
For more information, see V-230274, V-230355, and V-230372.
Version
RHEL-08-010400 & RHEL-08-020090 & RHEL-08-020250
Rule ID

xccdf_org.ssgproject.content_rule_sssd_certificate_verification

xccdf_org.ssgproject.content_rule_sssd_enable_certmap

xccdf_org.ssgproject.content_rule_sssd_enable_smartcards

Title

Certificate status checking in SSSD

Enable Certmap in SSSD

Enable Smartcards in SSSD

Justification
QRadar includes all the software packages required for smartcard authentication but this must be configured on-site

V-230484

Finding ID
For more information, see V-230484.
Version
RHEL-08-030740
Rule ID
xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server
Title
A remote time server for Chrony is configured
Justification
The customer must choose an appropriate time server for their environment at install time