Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.12. SCAP Security Guide profiles supported in RHEL 7

Use only the SCAP content provided in the particular minor release of RHEL. This is because components that participate in hardening are periodically updated with new capabilities. SCAP content changes to reflect these updates, but it is not always backward compatible.
In the following tables, you can find the profiles provided in each minor version of RHEL, together with the version of the policy with which the profile aligns.

Table 8.2. SCAP Security Guide profiles supported in RHEL 7.9

Profile nameProfile IDPolicy version
CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Serverxccdf_org.ssgproject.content_profile_cis
RHEL 7.9.9 and earlier:2.2.0
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Serverxccdf_org.ssgproject.content_profile_cis_server_l1
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
CIS Red Hat Enterprise Linux 7 Benchmark for Level 1 - Workstationxccdf_org.ssgproject.content_profile_cis_workstation_l1
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Workstationxccdf_org.ssgproject.content_profile_cis_workstation_l2
RHEL 7.9.10 to RHEL 7.9.29:3.1.1
RHEL 7.9.30 and later:4.0.0
French National Agency for the Security of Information Systems (ANSSI) BP-028 Enhanced Levelxccdf_org.ssgproject.content_profile_anssi_nt28_enhanced
RHEL 7.9.4 and earlier:draft
RHEL 7.9.5 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
French National Agency for the Security of Information Systems (ANSSI) BP-028 High Levelxccdf_org.ssgproject.content_profile_anssi_nt28_high
RHEL 7.9.6 and earlier:draft
RHEL 7.9.7 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
French National Agency for the Security of Information Systems (ANSSI) BP-028 Intermediary Levelxccdf_org.ssgproject.content_profile_anssi_nt28_intermediary
RHEL 7.9.4 and earlier: draft
RHEL 7.9.5 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
French National Agency for the Security of Information Systems (ANSSI) BP-028 Minimal Levelxccdf_org.ssgproject.content_profile_anssi_nt28_minimal
RHEL 7.9.4 and earlier:draft
RHEL 7.9.5 to RHEL 7.9.24:1.2
RHEL 7.9.25 and later:2.0
C2S for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis5.4
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)xccdf_org.ssgproject.content_profile_cuir1
Australian Cyber Security Centre (ACSC) Essential Eightxccdf_org.ssgproject.content_profile_e8not versioned
Health Insurance Portability and Accountability Act (HIPAA)xccdf_org.ssgproject.content_profile_hipaanot versioned
NIST National Checklist Program Security Guidexccdf_org.ssgproject.content_profile_ncpnot versioned
OSPP - Protection Profile for General Purpose Operating Systems v4.2.1xccdf_org.ssgproject.content_profile_ospp4.2.1
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss_centric
RHEL 7.9.12 and earlier: 3.2.1
Removed in 7.9.13 and later versions. For more information, see RHBZ#2038165
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss
RHEL 7.9.0 to RHEL 7.9.29:3.2.1
RHEL 7.9.30 and later:4.0
[DRAFT] DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH)xccdf_org.ssgproject.content_profile_rhelh-stigdraft
VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH)xccdf_org.ssgproject.content_profile_rhelh-vpp1.0
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profile for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_standardnot versioned
DISA STIG for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig
RHEL 7.9.0 and 7.9.1: 1.4
RHEL 7.9.2 to 7.9.4: V3R1
RHEL 7.9.5 and 7.9.6:V3R2
RHEL 7.9.7 to RHEL 7.9.9:V3R3
RHEL 7.9.10 and RHEL 7.9.11:V3R5
RHEL 7.9.12 and RHEL 7.9.13:V3R6
RHEL 7.9.14 to RHEL 7.9.16:V3R7
RHEL 7.9.17 to RHEL 7.9.20:V3R8
RHEL 7.9.21 to RHEL 7.9.24:V3R10
RHEL 7.9.25 to RHEL 7.9.29:V3R12
RHEL 7.9.30 and later:V3R14
DISA STIG with GUI for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig_gui
RHEL 7.9.7 to RHEL 7.9.9:V3R3
RHEL 7.9.10 and RHEL 7.9.11:V3R5
RHEL 7.9.12 and RHEL 7.9.13:V3R6
RHEL 7.9.14 to RHEL 7.9.16:V3R7
RHEL 7.9.17 to RHEL 7.9.20:V3R8
RHEL 7.9.21 to RHEL 7.9.24:V3R10
RHEL 7.9.25 to RHEL 7.9.29:V3R12
RHEL 7.9.30 and later:V3R14

Table 8.3. SCAP Security Guide profiles supported in RHEL 7.8

Profile nameProfile IDPolicy version
DRAFT - ANSSI DAT-NT28 (enhanced)xccdf_org.ssgproject.content_profile_anssi_nt28_enhanceddraft
DRAFT - ANSSI DAT-NT28 (high)xccdf_org.ssgproject.content_profile_anssi_nt28_highdraft
DRAFT - ANSSI DAT-NT28 (intermediary)xccdf_org.ssgproject.content_profile_anssi_nt28_intermediarydraft
DRAFT - ANSSI DAT-NT28 (minimal)xccdf_org.ssgproject.content_profile_anssi_nt28_minimaldraft
C2S for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis5.4
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)xccdf_org.ssgproject.content_profile_cuir1
Australian Cyber Security Centre (ACSC) Essential Eightxccdf_org.ssgproject.content_profile_e8not versioned
Health Insurance Portability and Accountability Act (HIPAA)xccdf_org.ssgproject.content_profile_hipaanot versioned
NIST National Checklist Program Security Guidexccdf_org.ssgproject.content_profile_ncpnot versioned
OSPP - Protection Profile for General Purpose Operating Systems v4.2.1xccdf_org.ssgproject.content_profile_ospp4.2.1
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss_centric3.2.1
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss3.2.1
[DRAFT] DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH)xccdf_org.ssgproject.content_profile_rhelh-stigdraft
VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH)xccdf_org.ssgproject.content_profile_rhelh-vpp1.0
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profile for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_standardnot versioned
DISA STIG for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig1.4

Table 8.4. SCAP Security Guide profiles supported in RHEL 7.7

Profile nameProfile IDPolicy version
C2S for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis5.4
Health Insurance Portability and Accountability Act (HIPAA)xccdf_org.ssgproject.content_profile_hipaanot versioned
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)xccdf_org.ssgproject.content_profile_nist-800-171-cuir1
OSPP - Protection Profile for General Purpose Operating Systems v. 4.2xccdf_org.ssgproject.content_profile_ospp424.2
United States Government Configuration Baselinexccdf_org.ssgproject.content_profile_ospp3.9
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss_centric3.2.1
PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss3.2.1
VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH)xccdf_org.ssgproject.content_profile_rhelh-vpp1.0
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profile for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_standardnot versioned
DISA STIG for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig-rhel7-disa1.4

Table 8.5. SCAP Security Guide profiles supported in RHEL 7.6

Profile nameProfile IDPolicy version
C2S for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis5.4
Health Insurance Portability and Accountability Act (HIPAA)xccdf_org.ssgproject.content_profile_hipaanot versioned
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)xccdf_org.ssgproject.content_profile_nist-800-171-cuir1
OSPP - Protection Profile for General Purpose Operating Systems v. 4.2xccdf_org.ssgproject.content_profile_ospp424.2
United States Government Configuration Baselinexccdf_org.ssgproject.content_profile_ospp3.9
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss_centric3.1
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss3.1
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profile for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_standardnot versioned
DISA STIG for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig-rhel7-disa1.4

Table 8.6. SCAP Security Guide profiles supported in RHEL 7.5

Profile nameProfile IDPolicy version
C2S for Red Hat Enterprise Linuxxccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis-rhel7-server5.4
Common Profile for General-Purpose Systemsxccdf_org.ssgproject.content_profile_commonnot versioned
Standard Docker Host Security Profilexccdf_org.ssgproject.content_profile_docker-hostnot versioned
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)xccdf_org.ssgproject.content_profile_nist-800-171-cuir1
United States Government Configuration Baseline (USGCB / STIG) - DRAFTxccdf_org.ssgproject.content_profile_ospp-rhel73.9
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss_centric3.1
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss3.1
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profilexccdf_org.ssgproject.content_profile_standardnot versioned
DISA STIG for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig-rhel7-disa1.4
STIG for Red Hat Virtualization Hypervisorxccdf_org.ssgproject.content_profile_stig-rhevh-upstream1.4

Table 8.7. SCAP Security Guide profiles supported in RHEL 7.4

Profile nameProfile IDPolicy version
C2S for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis-rhel7-server5.4
Common Profile for General-Purpose Systemsxccdf_org.ssgproject.content_profile_commonnot versioned
Standard Docker Host Security Profilexccdf_org.ssgproject.content_profile_docker-hostnot versioned
Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)xccdf_org.ssgproject.content_profile_nist-800-171-cuir1
United States Government Configuration Baseline (USGCB / STIG) - DRAFTxccdf_org.ssgproject.content_profile_ospp-rhel73.9
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss_centric3.1
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss3.1
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profilexccdf_org.ssgproject.content_profile_standardnot versioned
DISA STIG for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_stig-rhel7-disa1.4
STIG for Red Hat Virtualization Hypervisorxccdf_org.ssgproject.content_profile_stig-rhevh-upstream 

Table 8.8. SCAP Security Guide profiles supported in RHEL 7.3

Profile nameProfile IDPolicy version
C2S for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_C2Snot versioned
Criminal Justice Information Services (CJIS) Security Policyxccdf_org.ssgproject.content_profile_cjis-rhel7-server5.4
Common Profile for General-Purpose Systemsxccdf_org.ssgproject.content_profile_commonnot versioned
CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_nist-cl-il-alnot versioned
United States Government Configuration Baseline (USGCB / STIG)xccdf_org.ssgproject.content_profile_ospp-rhel7-servernot versioned
PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dss3.1
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profilexccdf_org.ssgproject.content_profile_standardnot versioned
STIG for Red Hat Enterprise Linux 7 Server Running GUIsxccdf_org.ssgproject.content_profile_stig-rhel7-server-gui-upstream1.4
STIG for Red Hat Enterprise Linux 7 Serverxccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream1.4
STIG for Red Hat Enterprise Linux 7 Workstationxccdf_org.ssgproject.content_profile_stig-rhel7-workstation-upstream1.4

Table 8.9. SCAP Security Guide profiles supported in RHEL 7.2

Profile nameProfile IDPolicy version
Common Profile for General-Purpose Systemsxccdf_org.ssgproject.content_profile_commonnot versioned
Draft PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7xccdf_org.ssgproject.content_profile_pci-dssdraft
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned
Standard System Security Profilexccdf_org.ssgproject.content_profile_standardnot versioned
Pre-release Draft STIG for Red Hat Enterprise Linux 7 Serverxccdf_org.ssgproject.content_profile_stig-rhel7-server-upstreamdraft

Table 8.10. SCAP Security Guide profiles supported in RHEL 7.1

Profile nameProfile IDPolicy version
Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)xccdf_org.ssgproject.content_profile_rht-ccpnot versioned

Additional Resources