Skip to content

Update RHEL 9 STIG controls from V2R4 to V2R7#14386

Merged
Mab879 merged 2 commits intoComplianceAsCode:masterfrom
Arden97:missing_stig_refs
Feb 13, 2026
Merged

Update RHEL 9 STIG controls from V2R4 to V2R7#14386
Mab879 merged 2 commits intoComplianceAsCode:masterfrom
Arden97:missing_stig_refs

Conversation

@Arden97
Copy link
Copy Markdown
Contributor

@Arden97 Arden97 commented Feb 12, 2026
edited
Loading

Description:

  • Version bump from V2R4 to V2R7
  • 4 STIG controls removed and consolidated
  • Rules redistributed to maintain security coverage

Rationale:

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Feb 12, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Feb 12, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@Mab879 Mab879 self-assigned this Feb 12, 2026
@Mab879
Copy link
Copy Markdown
Member

Mab879 commented Feb 12, 2026

Should be v2r7. See #14382

@Mab879 Mab879 added this to the 0.1.80 milestone Feb 12, 2026
@Arden97 Arden97 changed the title Update RHEL 9 STIG controls from V2R4 to V2R6 Update RHEL 9 STIG controls from V2R4 to V2R7 Feb 12, 2026
Mab879
Mab879 requested changes Feb 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

111/262 Test #112: rule-removal-rhel9 ...............................................***Failed 0.79 sec
xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy is missing in new data stream

@Arden97 Arden97 marked this pull request as ready for review February 13, 2026 10:43
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Feb 13, 2026
@Mab879 Mab879 merged commit 88ecc84 into ComplianceAsCode:master Feb 13, 2026
141 of 143 checks passed
@ggbecker
Copy link
Copy Markdown
Member

ggbecker commented Feb 13, 2026

I think we are missing the update to the profiles themselves: here

content/products/rhel9/profiles/stig.profile

Line 5 in 88ecc84

version: V2R6

and here

content/products/rhel9/profiles/stig.profile

Line 16 in 88ecc84

DISA STIG for Red Hat Enterprise Linux 9 V2R6.

same for stig gui profile

@ggbecker
Copy link
Copy Markdown
Member

ggbecker commented Feb 13, 2026

we should probably unify those versions to a jinja variable or something

@Mab879
Copy link
Copy Markdown
Member

Mab879 commented Feb 13, 2026

we should probably unify those versions to a jinja variable or something

It's now in 3 places, the profile in 2 and the control file. So something in one place would be good idea.

@Mab879
Copy link
Copy Markdown
Member

Mab879 commented Feb 13, 2026

In the mean time: #14391

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mab879 Mab879 Mab879 approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek vojtapolasek is a code owner

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

Assignees

@Mab879 Mab879

Labels

None yet

Projects

None yet

Milestone

0.1.80

Development

Successfully merging this pull request may close these issues.

Various RHEL 8 and RHEL 9 rules are missing stigref references

3 participants

@Arden97 @Mab879 @ggbecker