SRG-OS-000366-GPOS-00153 Controls

| STIG ID | Version | Title | Product |
| --- | --- | --- | --- |
| ALMA-09-009590 | V1R2 | AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation. | |
| ALMA-09-009700 | V1R2 | AlmaLinux OS 9 must ensure cryptographic verification of vendor software packages. | |
| ALMA-09-009810 | V1R2 | AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation. | |
| ALMA-09-009920 | V1R2 | AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation. | |
| ALMA-09-010030 | V1R2 | AlmaLinux OS 9 must have GPG signature verification enabled for all software repositories. | |
| ALMA-09-010140 | V1R2 | AlmaLinux OS 9 must prevent the loading of a new kernel for later execution. | |
| APPL-14-002060 | V2R3 | The macOS system must apply gatekeeper settings to block applications from unidentified developers. | |
| APPL-14-002064 | V2R3 | The macOS system must enable Gatekeeper. | |
| APPL-15-002060 | V1R3 | The macOS system must apply gatekeeper settings to block applications from unidentified developers. | |
| APPL-15-002064 | V1R3 | The macOS system must enable gatekeeper. | |
| OL07-00-020050 | V3R2 | The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| OL07-00-020060 | V3R2 | The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| OL07-00-010019 | V3R2 | The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | |
| OL08-00-010370 | V2R4 | YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. | |
| OL08-00-010371 | V2R4 | OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| OL08-00-010372 | V2R4 | OL 8 must prevent the loading of a new kernel for later execution. | |
| OL08-00-010019 | V2R4 | OL 8 must ensure cryptographic verification of vendor software packages. | |
| OL09-00-000330 | V1R1 | OL 9 must have the subscription-manager package installed. | |
| OL09-00-000496 | V1R1 | OL 9 must check the GPG signature of locally installed software packages before installation. | |
| OL09-00-000497 | V1R1 | OL 9 must check the GPG signature of software packages originating from external software repositories before installation. | |
| OL09-00-000498 | V1R1 | OL 9 must have GPG signature verification enabled for all software repositories. | |
| OL09-00-000499 | V1R1 | OL 9 must ensure cryptographic verification of vendor software packages. | |
| OL09-00-002428 | V1R1 | OL 9 must prevent the loading of a new kernel for later execution. | |
| RHEL-07-020050 | V3R9 | The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| RHEL-07-020060 | V3R9 | The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| RHEL-08-010370 | V2R3 | RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| RHEL-08-010371 | V2R3 | RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | |
| RHEL-08-010372 | V2R3 | RHEL 8 must prevent the loading of a new kernel for later execution. | |
| RHEL-08-010019 | V2R3 | RHEL 8 must ensure cryptographic verification of vendor software packages. | |
| RHEL-09-214010 | V2R4 | RHEL 9 must ensure cryptographic verification of vendor software packages. | |
| RHEL-09-214015 | V2R4 | RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation. | |
| RHEL-09-214020 | V2R4 | RHEL 9 must check the GPG signature of locally installed software packages before installation. | |
| RHEL-09-214025 | V2R4 | RHEL 9 must have GPG signature verification enabled for all software repositories. | |
| RHEL-09-215010 | V2R4 | RHEL 9 subscription-manager package must be installed. | |
| SLES-12-010550 | V3R2 | The SUSE operating system tool zypper must have gpgcheck enabled. | |
| SLES-15-010430 | V2R4 | The SUSE operating system tool zypper must have gpgcheck enabled. | |
| UBTU-18-010016 | V2R15 | Advance package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | |
| UBTU-20-010438 | V2R1 | The Ubuntu operating system's Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | |
| UBTU-22-214010 | V2R4 | Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) prevents the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | |
| UBTU-24-300001 | V1R1 | Ubuntu 24.04 LTS Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu 24.04 LTS components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | |