Details

The operating system must be a vendor supported release

Rationale:

An operating system release is considered ‘supported’ if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.

Red Hat offers the Extended Update Support (EUS) Add-On to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period. RHEL 7.7 marks the final minor release that EUS will be available, while 7.9 is the final minor release overall.

Solution

Upgrade to a supported version of the operating system.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3636

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CCI|CCI-000366
• CSCv7|2.2
• Rule-ID|SV-204458r744100_rule
• STIG-ID|RHEL-07-020250

Source

• Tenable.com/audits