Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Henry Coggill
on 18 April 2024

DISA publishes STIG for Ubuntu 22.04 LTS


Introduction

DISA, the Defense Information Systems Agency, has published their Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS. The STIG is free for the public to download from the DOD Cyber Exchange. Canonical has been working with DISA since we published Ubuntu 22.04 LTS to draft this STIG, and we are delighted that it is now finalised and available for everyone to use.

We’re pleased to now release the Ubuntu Security Guide profile to enable customers to automatically harden and audit their Ubuntu 22.04 LTS systems for the STIG.

What is a STIG?

A STIG is a set of guidelines for how to configure an application or system in order to harden it. Hardening means reducing the system’s attack surface: removing unnecessary software packages, locking down default values to the tightest possible settings and configuring the system to run only what you explicitly require. System hardening guidelines also seek to lessen collateral damage in the event of a compromise.

STIGs are intended to be applied with judgement and common sense. Each mission or deployment is going to be different: where a piece of guidance doesn’t make sense for your specific needs, you can choose your own path forward whilst keeping the overall intentions of the STIG in mind.

The STIGs have been primarily developed for use within the US Department of Defense. However, because they are based on universally-recognised security principles, they can be used by anyone who wants a robust system hardening framework. As a result, STIGs are being more widely adopted across the US government and numerous industries, such as financial services and online gaming.

When will Canonical publish a DISA-STIG USG profile?

The STIG that DISA has published is primarily composed of a manual XCCDF XML document that describes in human-readable words how to configure Ubuntu 22.04 LTS. This XML file contains nearly 200 individual pieces of guidance, which can be quite a daunting prospect to tackle from scratch. To simplify this process, Canonical produces the Ubuntu Security Guide (USG), an automation tool that handles both the checking and remediation of the STIG rules. USG is available as part of Ubuntu Pro, and can be enabled through the Pro client.

We’re pleased to now release the Ubuntu Security Guide profile to enable customers to automatically harden and audit their Ubuntu 22.04 LTS systems for the STIG.

Conclusion

The STIG for Ubuntu 22.04 LTS will allow any users or administrators to harden their systems in accordance with this rigorous standard. Doing this by hand is a time-consuming proposition, so we recommend taking advantage of automated tooling to speed up the hardening and auditing process.

Further resources

Related posts


Massimiliano Gori
27 November 2024

Entra ID authentication on Ubuntu at scale with Landscape

Ubuntu Article

Authd allows Entra ID authentication on both Ubuntu Desktop and Server. Learn how to configure Authd at scale using Landscape and Cloud-init ...


sergiodj
18 November 2024

Profile-guided optimization: A case study

Ubuntu Article

Software developers spend a huge amount of effort working on optimization – extracting more speed and better performance from their algorithms and programs. This work usually involves a lot of time-consuming manual investigation, making automatic performance optimization a hot topic in the world of software development. Profile-guided opt ...


Serdar Vural
28 October 2024

Canonical at India Mobile Congress 2024 – a retrospective

AI OpenStack

With an ambition to become Asia’s technology hub for telecommunications in the 5G/6G era, India hosts the annual India Mobile Congress (IMC) in Pragati Maidan, New Delhi. IMC is an annual trade exhibition for the telecommunication sector, bringing together operators, system integrators, as well as software and hardware vendors. It has now ...