What is the difference between 'Red Hat Enterprise Linux STIG - Ver 3, Rel 3' and 'Red Hat Enterprise Linux 7 STIG Benchmark -Ver3,Rel3'

security redhat

I've been assigned to STIG our current rhel7 servers and when I go to 'public.cyber.mil/stigs/downloads' to download the zip file to import into stigviewer, I see two files.

Red Hat Enterprise Linux 7 STIG - Ver 3,Rel 3
Red Hat Enterprise Linux 7 STIG Benchmark - Ver 3, Rel 3

Can someone explain what are the differences between the two and which one should I use.


Solution 1:

As @GregAskew said, the "STIG" is for a manual review and the "STIG Benchmark" is for use with automated SCAP tools. If you are expected to perform a complete review, you should use the full "STIG" (not the Benchmark), as it will contain a number of checkpoints for things that cannot be automated, like the creation of specific system documentation, or the documentation of specific organizational policies.

Related

How to trigger swap space usage on linux?
What version of kibana I can use in Alibaba Cloud
Increasing the quota for an ECS instance in a region on Alibaba Cloud
VPN Connection site to site Alibaba Virtual Private Cloud
Do I need cPanel like software for my Production Server?
Unable to install mongoDB Community Edition on Ubuntu 14.04
AWS Route 53: How to migrate a hosted zone from one account to another completely?
Origin of “on thin ice”
Difference between 'yet' and 'although'
proper usage of "used to" when designating a change in name
Question tag for "you must have felt it too"?
Bimestrial - frequency of use or alternatives