National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) v0.1.31 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name Product Category
Red Hat Enterprise Linux 7.0 cpe:/o:redhat:enterprise_linux:7.0 (View CVEs)
    Red Hat Enterprise Linux 7.1 cpe:/o:redhat:enterprise_linux:7.1 (View CVEs)
      Red Hat Enterprise Linux 7.2 cpe:/o:redhat:enterprise_linux:7.2 (View CVEs)
        Red Hat Enterprise Linux 7.3 cpe:/o:redhat:enterprise_linux:7.3 (View CVEs)

          Checklist Highlights

          Checklist Name:
          FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7)
          Checklist ID:
          751
          Version:
          v0.1.31
          Type:
          Compliance
          Review Status:
          Archived
          Authority:
          Software Vendor: Red Hat
          Original Publication Date:
          02/06/2017
          Checklist Group:
          View

          Checklist Summary:

          Law enforcement needs timely and secure access to services that provide data wherever and whenever for stopping and reducing crime. In response to these needs, the Advisory Policy Board (APB) recommended to the Federal Bureau of Investigation (FBI) that the Criminal Justice Information Services (CJIS) Division authorize the expansion of the existing security management structure in 1998. Administered through a shared management philosophy, the CJIS Security Policy contains information security requirements, guidelines, and agreements reflecting the will of law enforcement and criminal justice agencies for protecting the sources, transmission, storage, and generation of Criminal Justice Information (CJI). The Federal Information Security Management Act of 2002 provides further legal basis for the APB approved management, operational, and technical security requirements mandated to protect CJI and by extension the hardware, software and infrastructure required to enable the services provided by the criminal justice community. The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information. This baseline transforms the high-level policy prose of the FBI CJIS Security Policy into actionable configuration checks for Red Hat Enterprise Linux 7 systems. The primary author of this configuration baseline is Robin Price, a Senior Architect at Red Hat Public Sector.

          Checklist Role:

          • Server
          • Server Operating System
          • Desktop Operating System
          • Operating System
          • Mainframe Operating System
          • Desktop and Server Operating System
          • Client Operating System
          • Client / Server

          Known Issues:

          At the time of release there are no known issues. Refer to "Product Support" for instructions on how to report issues.

          Target Audience:

          This content is applicable to Red Hat Enterprise Linux 7.x. This content is not applicable, supported, tested or approved for derivatives such as CentOS.

          Target Operational Environment:

          • Standalone
          • Managed
          • Specialized Security-Limited Functionality (SSLF)
          • Legacy
          • Sector-Specific Environment

          Testing Information:

          This content has been developed with and tested in OpenSCAP, the native SCAP configuration scanner that ships in Red Hat Enterprise Linux 7.

          Regulatory Compliance:

          The scope of this profile is audit configuration of Red Hat Enterprise Linux 7 against the U.S. Department of Justice, FBI Criminal Justice Information System Policy v5.4 (FBI CJIS v5.4). Official copies of the FBI CJIS baseline can be found at https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center.

          Comments/Warnings/Miscellaneous:

          This SCAP datastream contains OVAL 5.11 content, which supports configuration checking for Red Hat Enterprise Linux 7. Check with your SCAP vendor(s) if OVAL 5.11 is supported in their tooling. This content has been developed and tested with OpenSCAP, the native SCAP configuration scanner that ships in Red Hat Enterprise Linux 7. NOTE: This is *not* the Red Hat Enterprise Linux baseline used for FBI internal systems. For access to that baseline, please contact Tony James (RedHat-FBI Technical Liaison) at tony@redhat.com.

          Disclaimer:

          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. For more information, please refer to: http://unlicense.org http://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement http://www.cendi.gov/publications/04-8copyright.html#toc30

          Product Support:

          This content has been developed through the OpenSCAP/SCAP Security Guide project, co-sponsored by the National Security Agency and Red Hat. If you are a customer of Red Hat and you experience any issues or need extra functionality in Red Hat products, please use standard Red Hat communication channels to request Red Hat support. We recommend using the Red Hat Customer Portal (https://access.redhat.com/). For tickets, bugfixes, mailing lists, and IRC channels relating to content development, please visit the OpenSCAP Support webpage (https://www.open-scap.org/resources/support/).

          Point of Contact:

          Red Hat Point of Contact: Shawn Wells, Chief Security Strategist, Red Hat Public Sector. EMail: shawn@redhat.com. Cell: 443-534-0130 (US EST).

          Sponsor:

          National Security Agency

          Licensing:

          Files in this project are works of the US Government and cannot be copyrighted, unless explicitly stated otherwise. Files with certain copyrights (as permitted by the Fedora Project Contributor Agreement) may be added but should be identified as such. This is free and unencumbered software released into the public domain. Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means. In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. For more information, please refer to: http://unlicense.org http://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement http://www.cendi.gov/publications/04-8copyright.html#toc30

          Change History:

          Removed references to SCAP 1.2 and general SCAP testing - added language OVAL 5.11 language and OpenSCAP testing comments.
          Updated to FINAL - 03/13/2017
          Moving to Archive - 12/04/2017

          Dependency/Requirements:

          URL Description
          https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.31 Release Notes

          References:

          Reference URL Description

          NIST checklist record last modified on 12/04/2017