Users who take advantage of the new DISA STIG can give their AlmaLinux servers military-grade hardening.
There’s another feather in the cap for the folks at AlmaLinux. Today the TuxCare division of CloudLinux — the company behind AlmaLinux — announced that it’s completed a Security Technical Implementation Guide, generally called a STIG, for AlmaLinux OS 9. Doing so puts the distro in a Department of Justice security class only shared by 13 versions of seven other operating systems or Linux distros.
In case you’re wondering, a STIG is basically a set of security configurations for using a product (which can be anything from an operating system to hardware to software to whatever) within the US Department of Defense and its associated networks. In other words, by using the STIG — which is downloadable from the DOD here — you can make your AlmaLinux installs as security hardened as you like.
When you consider that AlmaLinux 9.2 has had FIPS 140-3 certification since 2023, this means you can turn AlmaLinux into a data center superhero.
“The use of FIPS cryptographic modules is mandatory with a STIG, as are some pretty hardcore policies like SmartCard authentication, CPU/RAM protection, LUKS full disk encryption, and the use of USBGuard – no more plugging your mobile phone into your work laptop!” Simon John, Security Certification Manager at CloudLinux, wrote today in an update to an already published blog.
“Again, you don’t have to be part of the US government to find value in and use a STIG — it’s probably the highest level of security hardening guidance there is, covering practices like AAA, DLP, physical/logical access control and least-privilege; it’s freely-available and with various tools able to test STIG compliance, it could be the answer to all of your cybersecurity compliance needs.”
STIGs are also something of a rarity among clones of Red Hat Enterprise Linux. Other than RHEL 9 itself, AlmaLinux 9 is the only RHEL clone with a DISA STIG. Another RHEL clone, Oracle Linux, has a DISA STIG, but only for versions seven and eight.
“TuxCare is pleased to play a notable role in AlmaLinux’s growth through developments such as the completion of a DISA STIG and a fast-growing number of team members devoted to FIPS for AlmaLinux and other compliance necessities,” Michael Canavan, TuxCare’s Chief Revenue Officer, said in a statement. “Many penetration testing companies and cloud providers that already support the AlmaLinux community will no doubt welcome this DISA STIG and FIPS 140-3 compliance combination that we previously began offering.”