A DoD version of RHEL - A money maker for RH? Maybe!

C Scarff Updated 2015-04-28T21:09:23+00:00
Active Contributor167 points

After my team has spent many, many, many, MANY hours making system checklists for STIGs, I'm thinking Red Hat would be able to charge a wee bit more for a certified RHEL Distro that is "DoD Ready". Meaning that 85 to 90 percent of the 249security STIG checks would be completed "out of the box". I've not seen many STIGs ever actually break the RHEL distro. Very few need to be an exception to properly function as a workstation or a server.

I KNOW someone would pay for that. The time that's "so-called" wasted to verify these checks is amazing. Sure, they'd still need to be verified, but knowing that a cleanly installed RHEL system is already 90% STIG'd would go a LONG ways and save a ton of time and give commands the warm and fuzzy for their security posture. Really, I bet corporations, who are now learning how screwed up their security measures are, would also pay for a better implementation of RHEL. Sure, RHEL is pretty good now out of the box, but it could be even tighter, lets face it.

I bet they'd pay $50 to $100 more per license for a well-crafted STIG-approved OS - with a few good GUI tools to assist them. They're paying a lot of IA and admin folks more than that to maintain the quality of security-readiness that's demanded on the staff now.

STIG Reference in RHN
https://access.redhat.com/discussions/688833

Interested in participating? Red Hat Customer Portal Discussions are open to the public and can be viewed by everyone, but you must have a Red Hat Subscription to post and participate. Login now!