8.12. SCAP Security Guide profiles supported in RHEL 7
Use only the SCAP content provided in the particular minor release of RHEL. This is because components that participate in hardening are periodically updated with new capabilities. SCAP content changes to reflect these updates, but it is not always backward compatible.
In the following tables, you can find the profiles provided in each minor version of RHEL, together with the version of the policy with which the profile aligns.
Profile name | Profile ID | Policy version |
---|---|---|
CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Server | xccdf_org.ssgproject.content_profile_ cis |
RHEL 7.9.9 and earlier:2.2.0
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
|
CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Server | xccdf_org.ssgproject.content_profile_ cis_server_l1 |
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
|
CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Workstation | xccdf_org.ssgproject.content_profile_ cis_workstation_l1 |
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
|
CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Workstation | xccdf_org.ssgproject.content_profile_ cis_workstation_l2 |
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
|
French National Agency for the Security of Information Systems (ANSSI) BP-028 Enhanced Level | xccdf_org.ssgproject.content_profile_ anssi_nt28_enhanced |
RHEL 7.9.4 and earlier:draft
RHEL 7.9.5 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
|
French National Agency for the Security of Information Systems (ANSSI) BP-028 High Level | xccdf_org.ssgproject.content_profile_ anssi_nt28_high |
RHEL 7.9.6 and earlier:draft
RHEL 7.9.7 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
|
French National Agency for the Security of Information Systems (ANSSI) BP-028 Intermediary Level | xccdf_org.ssgproject.content_profile_ anssi_nt28_intermediary |
RHEL 7.9.4 and earlier: draft
RHEL 7.9.5 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
|
French National Agency for the Security of Information Systems (ANSSI) BP-028 Minimal Level | xccdf_org.ssgproject.content_profile_ anssi_nt28_minimal |
RHEL 7.9.4 and earlier:draft
RHEL 7.9.5 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
|
C2S for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis | 5.4 |
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | xccdf_org.ssgproject.content_profile_ cui | r1 |
Australian Cyber Security Centre (ACSC) Essential Eight | xccdf_org.ssgproject.content_profile_ e8 | not versioned |
Health Insurance Portability and Accountability Act (HIPAA) | xccdf_org.ssgproject.content_profile_ hipaa | not versioned |
NIST National Checklist Program Security Guide | xccdf_org.ssgproject.content_profile_ ncp | not versioned |
OSPP - Protection Profile for General Purpose Operating Systems v4.2.1 | xccdf_org.ssgproject.content_profile_ ospp | 4.2.1 |
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss_centric |
RHEL 7.9.12 and earlier: 3.2.1
Removed in 7.9.13 and later versions. For more information, see RHBZ#2038165
|
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss |
RHEL 7.9.0 to RHEL 7.9.29:3.2.1
RHEL 7.9.30 and later:4.0
|
[DRAFT] DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH) | xccdf_org.ssgproject.content_profile_ rhelh-stig | draft |
VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH) | xccdf_org.ssgproject.content_profile_ rhelh-vpp | 1.0 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ standard | not versioned |
DISA STIG for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig |
RHEL 7.9.0 and 7.9.1: 1.4
RHEL 7.9.2 to 7.9.4: V3R1
RHEL 7.9.5 and 7.9.6:V3R2
RHEL 7.9.7 to RHEL 7.9.9:V3R3
RHEL 7.9.10 and RHEL 7.9.11:V3R5
RHEL 7.9.12 and RHEL 7.9.13:V3R6
RHEL 7.9.14 to RHEL 7.9.16:V3R7
RHEL 7.9.17 to RHEL 7.9.20:V3R8
RHEL 7.9.21 to RHEL 7.9.24:V3R10
RHEL 7.9.25 to RHEL 7.9.29:V3R12
RHEL 7.9.30 and later:V3R14
|
DISA STIG with GUI for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig_gui |
RHEL 7.9.7 to RHEL 7.9.9:V3R3
RHEL 7.9.10 and RHEL 7.9.11:V3R5
RHEL 7.9.12 and RHEL 7.9.13:V3R6
RHEL 7.9.14 to RHEL 7.9.16:V3R7
RHEL 7.9.17 to RHEL 7.9.20:V3R8
RHEL 7.9.21 to RHEL 7.9.24:V3R10
RHEL 7.9.25 to RHEL 7.9.29:V3R12
RHEL 7.9.30 and later:V3R14
|
Profile name | Profile ID | Policy version |
---|---|---|
DRAFT - ANSSI DAT-NT28 (enhanced) | xccdf_org.ssgproject.content_profile_ anssi_nt28_enhanced | draft |
DRAFT - ANSSI DAT-NT28 (high) | xccdf_org.ssgproject.content_profile_ anssi_nt28_high | draft |
DRAFT - ANSSI DAT-NT28 (intermediary) | xccdf_org.ssgproject.content_profile_ anssi_nt28_intermediary | draft |
DRAFT - ANSSI DAT-NT28 (minimal) | xccdf_org.ssgproject.content_profile_ anssi_nt28_minimal | draft |
C2S for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis | 5.4 |
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | xccdf_org.ssgproject.content_profile_ cui | r1 |
Australian Cyber Security Centre (ACSC) Essential Eight | xccdf_org.ssgproject.content_profile_ e8 | not versioned |
Health Insurance Portability and Accountability Act (HIPAA) | xccdf_org.ssgproject.content_profile_ hipaa | not versioned |
NIST National Checklist Program Security Guide | xccdf_org.ssgproject.content_profile_ ncp | not versioned |
OSPP - Protection Profile for General Purpose Operating Systems v4.2.1 | xccdf_org.ssgproject.content_profile_ ospp | 4.2.1 |
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss_centric | 3.2.1 |
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | 3.2.1 |
[DRAFT] DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH) | xccdf_org.ssgproject.content_profile_ rhelh-stig | draft |
VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH) | xccdf_org.ssgproject.content_profile_ rhelh-vpp | 1.0 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ standard | not versioned |
DISA STIG for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig | 1.4 |
Profile name | Profile ID | Policy version |
---|---|---|
C2S for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis | 5.4 |
Health Insurance Portability and Accountability Act (HIPAA) | xccdf_org.ssgproject.content_profile_ hipaa | not versioned |
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | xccdf_org.ssgproject.content_profile_ nist-800-171-cui | r1 |
OSPP - Protection Profile for General Purpose Operating Systems v. 4.2 | xccdf_org.ssgproject.content_profile_ ospp42 | 4.2 |
United States Government Configuration Baseline | xccdf_org.ssgproject.content_profile_ ospp | 3.9 |
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss_centric | 3.2.1 |
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | 3.2.1 |
VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH) | xccdf_org.ssgproject.content_profile_ rhelh-vpp | 1.0 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ standard | not versioned |
DISA STIG for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig-rhel7-disa | 1.4 |
Profile name | Profile ID | Policy version |
---|---|---|
C2S for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis | 5.4 |
Health Insurance Portability and Accountability Act (HIPAA) | xccdf_org.ssgproject.content_profile_ hipaa | not versioned |
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | xccdf_org.ssgproject.content_profile_ nist-800-171-cui | r1 |
OSPP - Protection Profile for General Purpose Operating Systems v. 4.2 | xccdf_org.ssgproject.content_profile_ ospp42 | 4.2 |
United States Government Configuration Baseline | xccdf_org.ssgproject.content_profile_ ospp | 3.9 |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss_centric | 3.1 |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | 3.1 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ standard | not versioned |
DISA STIG for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig-rhel7-disa | 1.4 |
Profile name | Profile ID | Policy version |
---|---|---|
C2S for Red Hat Enterprise Linux | xccdf_org.ssgproject.content_profile_ C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis-rhel7-server | 5.4 |
Common Profile for General-Purpose Systems | xccdf_org.ssgproject.content_profile_ common | not versioned |
Standard Docker Host Security Profile | xccdf_org.ssgproject.content_profile_ docker-host | not versioned |
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | xccdf_org.ssgproject.content_profile_ nist-800-171-cui | r1 |
United States Government Configuration Baseline (USGCB / STIG) - DRAFT | xccdf_org.ssgproject.content_profile_ ospp-rhel7 | 3.9 |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss_centric | 3.1 |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | 3.1 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile | xccdf_org.ssgproject.content_profile_ standard | not versioned |
DISA STIG for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig-rhel7-disa | 1.4 |
STIG for Red Hat Virtualization Hypervisor | xccdf_org.ssgproject.content_profile_ stig-rhevh-upstream | 1.4 |
Profile name | Profile ID | Policy version |
---|---|---|
C2S for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis-rhel7-server | 5.4 |
Common Profile for General-Purpose Systems | xccdf_org.ssgproject.content_profile_ common | not versioned |
Standard Docker Host Security Profile | xccdf_org.ssgproject.content_profile_ docker-host | not versioned |
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | xccdf_org.ssgproject.content_profile_ nist-800-171-cui | r1 |
United States Government Configuration Baseline (USGCB / STIG) - DRAFT | xccdf_org.ssgproject.content_profile_ ospp-rhel7 | 3.9 |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss_centric | 3.1 |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | 3.1 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile | xccdf_org.ssgproject.content_profile_ standard | not versioned |
DISA STIG for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ stig-rhel7-disa | 1.4 |
STIG for Red Hat Virtualization Hypervisor | xccdf_org.ssgproject.content_profile_ stig-rhevh-upstream |
Profile name | Profile ID | Policy version |
---|---|---|
C2S for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ C2S | not versioned |
Criminal Justice Information Services (CJIS) Security Policy | xccdf_org.ssgproject.content_profile_ cjis-rhel7-server | 5.4 |
Common Profile for General-Purpose Systems | xccdf_org.ssgproject.content_profile_ common | not versioned |
CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ nist-cl-il-al | not versioned |
United States Government Configuration Baseline (USGCB / STIG) | xccdf_org.ssgproject.content_profile_ ospp-rhel7-server | not versioned |
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | 3.1 |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile | xccdf_org.ssgproject.content_profile_ standard | not versioned |
STIG for Red Hat Enterprise Linux 7 Server Running GUIs | xccdf_org.ssgproject.content_profile_ stig-rhel7-server-gui-upstream | 1.4 |
STIG for Red Hat Enterprise Linux 7 Server | xccdf_org.ssgproject.content_profile_ stig-rhel7-server-upstream | 1.4 |
STIG for Red Hat Enterprise Linux 7 Workstation | xccdf_org.ssgproject.content_profile_ stig-rhel7-workstation-upstream | 1.4 |
Profile name | Profile ID | Policy version |
---|---|---|
Common Profile for General-Purpose Systems | xccdf_org.ssgproject.content_profile_ common | not versioned |
Draft PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 | xccdf_org.ssgproject.content_profile_ pci-dss | draft |
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Standard System Security Profile | xccdf_org.ssgproject.content_profile_ standard | not versioned |
Pre-release Draft STIG for Red Hat Enterprise Linux 7 Server | xccdf_org.ssgproject.content_profile_ stig-rhel7-server-upstream | draft |
Profile name | Profile ID | Policy version |
---|---|---|
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | xccdf_org.ssgproject.content_profile_ rht-ccp | not versioned |
Additional Resources
- For information about profiles in RHEL 8, see SCAP Security Guide profiles supported in RHEL 8