My Oracle Support Banner

Support Information for CIS Benchmarks and CIS Hardened Images for Oracle Linux (Doc ID 2949651.1)

Last updated on FEBRUARY 09, 2024

Applies to:

Linux OS - Version Oracle Linux 7.0 to Oracle Linux 9.0 [Release OL7 to OL9]
Linux x86-64
Linux aarch64

Details

This document provides answers to frequently asked questions about the CIS Benchmarks and CIS hardened images for Oracle Linux.

What are the CIS Benchmarks and CIS hardened images for Oracle Linux?

The Center for Internet Security, Inc. (CIS) is a community-driven nonprofit organization. They produce the CIS Benchmarks which consist of secure configuration guidelines and are developed through their process. CIS hardened images are pre-configured images with applicable CIS Benchmarks for Oracle Linux. CIS has provided CIS hardened Oracle Linux images through several of the major cloud service provider marketplaces.

Does Oracle support CIS Benchmarks for Oracle Linux?

Oracle currently does not support CIS Benchmarks for Oracle Linux. Customers obtain support directly from CIS and its community.

How is Oracle Linux supported if it's a CIS hardened image or Oracle Linux has been applied with CIS Benchmarks manually?

For customers that are running Oracle Linux with valid Oracle Linux support subscriptions, Oracle Support will assist customers in the following manner when they are using CIS hardened images or Oracle Linux has been applied with CIS Benchmarks manually:

Visit the Oracle Open Source Support Policies document which is the primary document used to communicate Oracle Linux Support Policies for customer deployments on-premises or in the cloud.

Is there any alternative to CIS Benchmarks and CIS hardened images for Oracle Linux that are provided by Oracle?

Yes, Oracle provides Oracle Linux STIG image, an implementation of Oracle Linux that follows the Security Technical Implementation Guide (STIG), released by the Defense Information Systems Agency (DISA).

STIGs describe how to harden Linux systems to reduce the overall attack surface. STIGs also describe maintenance processes such as software updates and vulnerability patching. Oracle has implemented the published STIG in Security Content Automation Protocol (SCAP) format and included it in the latest release of the scap-security-guide package for Oracle Linux 9, 8 and 7. This can be used in conjunction with the OpenSCAP tool shipped with Oracle Linux to validate a server against the published implementation guide. The validation process can also suggest remediation in cases where compliance is not met.

Visit Oracle Linux documentation to learn how to run a STIG compliance scan with OpenSCAP.

Oracle Linux team has released Oracle Linux STIG images in Oracle Cloud Infrastructure:

Moreover, you can automate STIG remediation using Oracle Linux Automation Manager.

Actions

Oracle Linux provides a complete security stack, from network firewall control to access control security policies, and is designed to be secure by default.
Visit Oracle Linux Documentation to learn the Oracle Linux details and the best practices to secure Oracle Linux deployments. 

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
 What are the CIS Benchmarks and CIS hardened images for Oracle Linux?
 Does Oracle support CIS Benchmarks for Oracle Linux?
 How is Oracle Linux supported if it's a CIS hardened image or Oracle Linux has been applied with CIS Benchmarks manually?
 Is there any alternative to CIS Benchmarks and CIS hardened images for Oracle Linux that are provided by Oracle?
Actions
Contacts
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.