The Oracle Linux 6 (OL6) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from vendor and DoD consensus, using the Red Hat Enterprise Linux 6 (RHEL6) STIG, itself based upon the Operating System Security Requirements Guide (OS SRG).
SRGs are collections of requirements applicable to a given technology area. SRGs represent an intermediate step between Control Correlation Identifiers (CCIs) and STIGs. CCIs represent discrete, measurable, and actionable items sourced from Information Assurance (IA) controls defined in policy, such as those originating in Department of Defense (DoD) Instruction (DoDI) 8500.2 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. STIGs provide product-specific information for validating and attaining compliance with requirements defined in the SRG for the product’s technology area. The OS SRG contains general requirements for operating systems; this SRG may be used as a guide for enhancing the security configuration of any operating system.
The vulnerabilities discussed in this document are applicable to OL6 Desktop and Server editions. This document is meant for use in conjunction with the Enclave, Network Infrastructure, Remote Access, and appropriate application STIGs.
- Specialized Security-Limited Functionality (SSLF)
DoD Instruction (DoDI) 8500.01
All technical NIST SP 800-53 requirements were considered while developing this STIG.
Requirements that are applicable and configurable are included in this STIG. A report marked For Official Use Only (FOUO) is available for those items that did not meet requirements. This report is available to component Authorizing Official (AO) personnel for risk assessment purposes by request via email to firstname.lastname@example.org.
Comments or proposed revisions to this document should be sent via email to the following address: email@example.com. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA FSO maintenance release schedule.
Version 1, Release 3 - 07 August 2015
Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 1 - 18 June 2014
Changed status from "under review" to "final" - 11 September 2015
Version 1, Release 4 - 29 October 2015
Changed status from "Under Review" to "Final" - 17 December 2015
Version 1, Release 5 - 8 February 2016
3/15/2016 - Promote to Final
4/29/2016 - Version 1, Release 6
moved to FINAL - 6/7/2016
updated to - v1, r7 - 07/22/2016
Updated to FINAL - 09/12/2016
updated to v1, r8 - 10/28/2016
updated to FINAL - 12/07/2016
Updated to Ver 1, Rel 9 - 01/27/2017
Updated to FINAL - 03/13/2017
Updated to Version 1, Release 10 - 04/28/2017
Updated to FINAL - 05/30/2017
Updated URL to reflect change to the DISA website - http --> https
Updated - 11/01/2017
Updated to FINAL - 12/02/2017
updated to v1,r12 - 4/25/18
Updated to FINAL - 5/25/18
Updated to Version 1, Release 13 - 10/25/18
Updated to FINAL - 11/26/18
Updated to Version 1, Release 14 - 1/23/19
Updated to FINAL - 2/19/19
updated to Version 1, Release 15 - 4/30/19
Updated URLs - 6/13/19
Updated URLs - 8/12/2019
Updated URLs - 8/12/2019
NIST checklist record last modified on 08/12/2019