The operating system must preserve organization-defined system state information in the event of a system failure.

The following DISA STIG ID was in RHEL 6:

The operating system must preserve organization-defined system state information in the event of a system failure.

The fix text said the following: RHEL6 supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Our organization is now running RHEL 7.4 and I am wondering does this still apply? What settings/files are configured to force a system into a "defined" state?

Responses

Hi Mike, which one of these items http://people.redhat.com/swells/scap-security-guide/tables/table-rhel6-stig.html in particular were you referring to?

Also, for the current RHEL 7 STIG requirements, examine this SCC 5.0.2 RHEL 7 x86 64 *PKI https://iase.disa.mil/stigs/scap/Pages/index.aspx. This link is the STIG home at DISA.

When you extract that, you end up with a DISA-provided RPM which has some readme info that's useful for install/running to get your STIG status for a system. There are some false positives.

I looked, could not see the language you speak of. Do you have the precise STIG text for that requirement? (I see you're asking about RHEL 6 STIG and its applicability to RHEL 7.)

Regards,

RJ

RJ,

Below is what I was referencing

RHEL-06-000500-PNF

Description: Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the operating system or a component of the system. Preserving operating system state information helps to facilitate system restart and return to the operational mode of the organization with less disruption of mission/business processes.

Details: RHEL6 supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix text: This requirement is a permanent not a finding. No fix is required.

We are trying to get an ATO for a RHEL 7 system and our gov't ISSM is asking this question about failing to a known state. The RHEL 6 STIG says it's supported but gives no other information. I'm assuming RHEL 7 supports it as well but I don't have any specific O/S settings I can show the ISSM.

The RHEL 7 STIG (XML file that you read with a web browser) has nothing on that. However, I found this http://people.redhat.com/swells/scap-security-guide/tables/table-rhel7-srgmap.html and search for SRG-OS-000269-GPOS-00103 CCI-001665. Also see this

Product Meets this Requirement This requirement is a permanent not a finding. No fix is required. 

Thanks RJ! I'll forward the justification to our ISSM.
