STIG compliance guidelines require that repository metadata be signed as well as the packages themselves. Currently, users can not sign the metadata of repositories hosted by Satellite.
This link details STIG compliance:
(The operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of packages without verification of the repository metadata.)
Red Hat Satellite 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.