Configure the "GPG Key for package manager" setting to organizational standards.


CONTROL ID: 08764
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Configure Red Hat Enterprise Linux to Organizational Standards., CC ID: 08713

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Ensure GPG keys are configured Description: Most package managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation… (1.2.1, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure GPG keys are configured Description: Most package managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation… (1.2.1, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Verify CentOS GPG Key is Installed Description: CentOS cryptographically signs updates with a GPG key to verify that they are valid. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1_Verify_CentOS_GPG_Key_is_Installed Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1_packages.gpg-pubkey, The Center for Internet Security CentOS 6 Level 1 Benchmark, 1.0.0)
  • Title: Verify Red Hat GPG Key is Installed Description: Red Hat cryptographically signs updates with a GPG key to verify that they are valid. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent instal… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.2_Verify_Red_Hat_GPG_Key_is_Installed Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.2.1_packages.gpg-pubkey, The Center for Internet Security Red Hat Enterprise Linux 6 Level 1 Benchmark, 1.2.0)
  • Title: Verify Red Hat GPG Key is Installed Description: Red Hat cryptographically signs updates with a GPG key to verify that they are valid. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent instal… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.2_Verify_Red_Hat_GPG_Key_is_Installed Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.2.1_packages.gpg-pubkey, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Ensure GPG keys are configured Description: Most package managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation… (1.2.1, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure GPG keys are configured Description: Most package managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure that updates are obtained from a valid source to protect against spoofing that could lead to the inadvertent installation… (1.2.1, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • The GPG Key for Red Hat Network should be installed or uninstalled as appropriate. Technical Mechanisms: via rpm Parameters: installed / uninstalled References: Section: 2.1.2.1.1 - Ensure that GPG Key for Red Hat Network is Installed (CCE-14440-2, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)