ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Update Ubuntu 16.04 with Final DISA STIG Ver1 Rel1 #2349

Closed ajd394 closed 1 year ago

ajd394 commented 7 years ago

DISA Risk Management Executive has released the Canonical Ubuntu 16.04 Security Technical Implementation Guide (STIG) Version 1 Release 1. The requirements of the STIG become effective immediately. The STIG is available on IASE at https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx.

TomaszDom commented 7 years ago

U_Canonical_Ubuntu_V1R1_STIG.zip

It disappeared from the official website (https://iasecontent.disa.mil/stigs/zip/U_Canonical_Ubuntu_V1R1_STIG.zip)

ajd394 commented 7 years ago

@TomaszDom I asked DISA why it disappeared and here is their response:

Good afternoon,

There was an error in the STIG and our management decided to pull the STIG. It's being updated and will be reposted ASAP.

Brian R. Snodgrass IT Specialist (INFOSEC) DISA Risk Management Executive RE11 Cyber Standards Branch Commercial (717) 267-9162 DSN 312-570-9162 brian.r.snodgrass2.civ@mail.mil (NIPR) brian.r.snodgrass2.civ@mail.smil.mil (SIPR)

GlennBell commented 7 years ago

I started running through the STIG posted above. There are several errors; the most notable is that it requires running the command 'passwd -d root' (V-75445). This deletes root's password, i.e. no password is required to log in, quite the opposite of what was intended. I'm not sure how this was published in the first place, that is a huge error.
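The V-75445 error described above, as an added example (shell, not from the ComplianceAsCode project or anyone in this thread): a check that reports accounts whose /etc/shadow password field is empty, which is exactly the state 'passwd -d root' leaves behind. The shadow-format sample lines are constructed; the helper names are my own.

```shell
#!/bin/sh
# Added example, not ComplianceAsCode content. 'passwd -d root' empties root's
# password field in /etc/shadow, so root can log in with no password at all.
# This check reads shadow-format lines and reports accounts whose second field
# is empty. A locked account (as produced by 'passwd -l') carries a hash that
# starts with '!' and is not reported; '*' (no valid password) is not reported either.

# Constructed sample in /etc/shadow format; NOT real system data.
SAMPLE_SHADOW='root::17900:0:99999:7:::
daemon:*:17900:0:99999:7:::
alice:$6$saltsalt$hashedvalue:17900:0:99999:7:::
bob:!$6$saltsalt$hashedvalue:17900:0:99999:7:::
svc::17900:0:99999:7:::'

# Print the names of accounts with an empty password field, one per line.
# Usage on a real system (root needed to read the file):
#   empty_password_accounts < /etc/shadow
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }'
}

# Return 0 if no account has an empty password field, 1 otherwise;
# offenders are listed on stderr so the check can run from an audit script.
check_no_empty_passwords() {
    offenders=$(empty_password_accounts)
    if [ -n "$offenders" ]; then
        printf 'accounts with empty password field:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}

# Run against the constructed sample; the real invocation would read /etc/shadow.
if printf '%s\n' "$SAMPLE_SHADOW" | check_no_empty_passwords; then
    echo "PASS: no empty password fields"
else
    echo "FAIL: empty password fields found (see above)"
fi
```

On the sample the check fails and names root and svc, which is what an assessor would have seen after applying the erroneous rule.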

compuguy commented 6 years ago

@ajd394 Any updates on this?

GlennBell commented 6 years ago

The updated Ubuntu STIG has not been re-released (see https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx).

Another issue I discovered: per Canonical, the required FIPS 140-2 packages are only available through a commercial support contract. Contracts start at $2000.

GMAzrael commented 6 years ago

@GlennBell Per FIPS Compliance, you are not compliant if you do not have the certified vendor providing support for the FIPS packages. You need a Red Hat subscription to get the FIPS packages. While CentOS has the packages out in the open, lack of commercial support means you are not compliant.

wmesser commented 6 years ago

The Ubuntu STIG has been re-issued.

redhatrises commented 6 years ago

If anyone wants to contribute this content, that would be great!

shaharglazner commented 4 years ago

@redhatrises Hey, I want to generate the stig_overlay.xml for Ubuntu 16.04 using the documentation, does it make sense?

Any other things to notice before?

dodys commented 1 year ago

This issue has been inactive since 2019 and Ubuntu 16.04 has been in ESM since 2021, which makes me believe that people have moved to newer releases. Therefore I'm closing it.