DRAFT FISMA High/NIST National Checklist for Red Hat Enterprise Linux CoreOS (RHCOS)

Updated -

In support of Part 39.101(c) of the Federal Acquisition Regulation (FAR), the following content has been released as a public draft of the NIST National Checklist for Red Hat Enterprise Linux CoreOS.

This draft content was authored to meet the FISMA High technical controls from NIST 800-53.

This baseline was released to receive public feedback, help customers understand potential effects to production deployments, and allow the Red Hat Enterprise Linux CoreOS community a chance to preview the baseline prior to being formalized by the U.S. Government.

Providing Feedback

Content is developed through the ComplianceAsCode Project, a joint initiative between Red Hat Public Sector and NSA Information Assurance.

Feedback should be sent to the public user and developer mailing list:

Or through an upstream issue:


Description Status Download
NIST 800-53/FISMA Applicability Guide DRAFT [Download .zip] or [View Live]
CoreOS FISMA Security Configuration Guide DRAFT [Download .zip] or [View Live]
SCAP 1.2 XCCDF XML DRAFT [Download .zip]
SCAP 1.1 XCCDF XML DRAFT [Download .zip]

Statement of Support

Being in draft status, this content is not supported by Red Hat and is not recommended for production usage.

Official Baselines

Finalized NIST National Checklists for Red Hat products can be found on the NIST webpage at