DRAFT - Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

Ansible Role for DRAFT - Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)

Profile Description:
According to NIST 800-171, Section 2.2:
The security guidelines to keep Controlled Unclassified Information (CUI) safe in non-federal systems are structured into two parts:
(i) basic security requirements;
(ii) derived security requirements.
The basic requirements come from FIPS Publication 200, which outlines essential security needs for federal information and systems. The derived requirements, which add to the basic ones, are from NIST Special Publication 800-53's security controls.
This profile sets up Red Hat Enterprise Linux 9 according to the NIST Special Publication 800-53 controls meant for protecting CUI.

The tasks for this role are created using OpenSCAP.
For more information on how to create Ansible playbooks with OpenSCAP, visit OpenSCAP GitHub.

To report a fix or improvement for a failing or missing Ansible task in this role, check the ComplianceAsCode project at ComplianceAsCode GitHub.

Requirements

• Ansible version 2.9 or later

Role Variables

To tailor the role to your preferences, review the list of variables.

Dependencies

None

Example Role Usage

To install the role, run ansible-galaxy install RedHatOfficial.rhel9_cui. Then use the following playbook snippet to run the Ansible role:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel9_cui }

Next, check the playbook by running this command on your local machine:

ansible-playbook -i "localhost," -c local --check playbook.yml

To deploy it (this may change settings on your local machine!):

ansible-playbook -i "localhost," -c local playbook.yml

License

BSD-3-Clause

Author Information

This Ansible role was created from security policies developed by the ComplianceAsCode project. For an updated list of authors and contributors, please visit Contributors on GitHub.