The SUSE Linux Enterprise Server 12 STIG has been approved by the Defense Information Systems Agency (DISA) and posted on IASE. This assists with the adoption of SUSE Linux Enterprise Server 12 in the US Federal Government and with government contractors.
What is STIG? Where does it come from?
The Security Technical Implementation Guides (STIGs) define the configuration and settings of United States Department of Defense (DoD) IT systems, providing a standardized security profile for a particular technology. These cybersecurity guidelines are developed from the Security Requirements Guides (SRGs) that are produced by the Defense Information Systems Agency (DISA).
STIGs are widely used by the United States government and allies, government contractors, and various commercial entities to provide a cybersecurity methodology for securing and hardening operating systems to a DoD security standard.
The SUSE Linux Enterprise Server 12 STIG includes several items of note for system administrators and security auditors, such as:
The SUSE Linux Enterprise Server (SLES) 12 STIG references AppArmor, a Linux Security Module for implementing mandatory access controls (MAC) and application whitelisting, in place of SELinux.
- Common Access Card (CAC) Support
The SLES 12 STIG prescribes the use of two-factor authentication to access IT resources. Support for CAC smart cards is detailed in the SUSE blog post "Configuring Smart Card authentication on SUSE Linux Enterprise".
The acceptance and approval of the SLES 12 STIG continues the commitment of SUSE Security to meet various federal and international security standards such as Common Criteria and Federal Information Processing Standards (FIPS) 140-2.
You can access the SLES 12 STIG and the latest SUSE security certification information at:
- SUSE Linux Enterprise Server 12 STIG Version 1 at IASE
- DISA Memo – SLES 12 STIG V1
- SLES12 STIG V1 at SUSE file server
- SUSE Security Certifications