Any system implemented by the US Department of Defense (DoD) must meet the DISA Secure Technical Implementation Guidelines (STIG). The STIGs are publicly available and may also be implemented by organizations with particular security requirements. Information on Red Hat products compliance with US government certifications can be found on the Red Hat website.
Red Hat Enterprise Linux 6 and the included Apache (Apache HTTP Server) 2.2 installation can be configured to meet their respective STIG. See the following pages from the Information Assurance Support Environment (IASE):
The changes made in BMC Discovery 11.0 to comply with the following STIG rule versions.
STIG rule version
Red Hat Enterprise Linux 6
Apache (Apache HTTP Server)
If an issue arises on an appliance that has been customized to meet the STIG, BMC Customer Support may require the issue to be reproduced on an unmodified appliance.
Changes to meet the Red Hat Enterprise Linux 6 and Apache (Apache HTTP Server) 2.2 STIG in BMC Discovery 11.0
The following sections detail the changes that have been made in BMC Discovery 11.0 to comply with STIG rules. Sections are provided listing STIG rules that need to be applied at customer's discretion and those that are not applicable to BMC Discovery, and the reason for non-applicability.