Feds finally extend security baseline to Red Hat Linux
At long last, a version of the U.S. Government Configuration Baseline (USGCB) for Red Hat Linux Desktop is in the house. The first set of USGCB security requirements were created some five years ago by the Office of Management and Budget, specifically for Windows Vista, with the assurance that other OSes would follow. With the proliferation of Macs and iPads, I'm surprised not to see a USGCB for Apple products. How far behind can the mobile platforms be?
If you aren't familiar with the USGCB security recommendations, you should be -- even if they aren't required of your company. They provide a useful benchmark for comparing your own security requirements against those that have been reviewed time and again by professionals.
The current USGCB requirement is a collection of more than security 337 settings for Windows and 115 settings for Internet Explorer 8. They set a fairly strict baseline, somewhere between the EC (Enterprise Client) and SSLF (Specialized Security -- Limited Functionality) baseline from Microsoft, my full-time employer.