Law enforcement needs timely and secure access to services that provide data wherever and whenever for stopping and reducing crime. In response to these needs, the Advisory Policy Board (APB) recommended to the Federal Bureau of Investigation (FBI) that the Criminal Justice Information Services (CJIS) Division authorize the expansion of the existing security management structure in 1998. Administered through a shared management philosophy, the CJIS Security Policy contains information security requirements, guidelines, and agreements reflecting the will of law enforcement and criminal justice agencies for protecting the sources, transmission, storage, and generation of Criminal Justice Information (CJI). The Federal Information Security Management Act of 2002 provides further legal basis for the APB approved management, operational, and technical security requirements mandated to protect CJI and by extension the hardware, software and infrastructure required to enable the services provided by the criminal justice community.
The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.
This baseline transforms the high-level policy prose of the FBI CJIS Security Policy into actionable configuration checks for Red Hat Enterprise Linux 7 systems. The primary author of this configuration baseline is Robin Price, a Senior Architect at Red Hat Public Sector.
- Server Operating System
- Desktop Operating System
- Operating System
- Mainframe Operating System
- Desktop and Server Operating System
- Client Operating System
- Client / Server
At the time of release there are no known issues. Refer to "Product Support" for instructions on how to report issues.
This content is applicable to Red Hat Enterprise Linux 7.x. This content is not applicable, supported, tested or approved for derivatives such as CentOS.
- Specialized Security-Limited Functionality (SSLF)
- Sector-Specific Environment
This content has been developed with and tested in OpenSCAP, the native SCAP configuration scanner that ships in Red Hat Enterprise Linux 7.
The scope of this profile is audit configuration of Red Hat Enterprise Linux 7 against the U.S. Department of Justice, FBI Criminal Justice Information System Policy v5.4 (FBI CJIS v5.4). Official copies of the FBI CJIS baseline can be found at https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. For more information, please refer to: http://unlicense.org http://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement http://www.cendi.gov/publications/04-8copyright.html#toc30
This content has been developed through the OpenSCAP/SCAP Security Guide project, co-sponsored by the National Security Agency and Red Hat. If you are a customer of Red Hat and you experience any issues or need extra functionality in Red Hat products, please use standard Red Hat communication channels to request Red Hat support. We recommend using the Red Hat Customer Portal (https://access.redhat.com/). For tickets, bugfixes, mailing lists, and IRC channels relating to content development, please visit the OpenSCAP Support webpage (https://www.open-scap.org/resources/support/).
Red Hat Point of Contact: Shawn Wells, Chief Security Strategist, Red Hat Public Sector. Email: firstname.lastname@example.org. Cell: 443-534-0130 (US EST).
Files in this project are works of the US Government and cannot be copyrighted, unless explicitly stated otherwise. Files with certain copyrights (as permitted by the Fedora Project Contributor Agreement) may be added but should be identified as such.
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any
In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.
Removed references to SCAP 1.2 and general SCAP testing; added OVAL 5.11 language and OpenSCAP testing comments.
Updated to FINAL - 03/13/2017
Moving to Archive - 12/04/2017
NIST checklist record last modified on 12/04/2017