# Use managed components to customize your Image Builder image
<a name="use-managed-components"></a>

Managed components are created by AWS, sometimes in partnership with a third-party organization, such as the Center for Internet Security (CIS), for example. When you use managed components in your image or container recipes, Amazon provides the latest component versions that have patches and other updates applied. To get a list of components, or to get component information, see [List and view component details](component-details.md).

The following list of featured AWS managed components includes a component that's available for you to use when you subscribe to CIS hardened AMIs through the AWS Marketplace.

**Topics**
+ [Distributor package managed component application install for Image Builder Windows images](mgdcomponent-distributor-win.md)
+ [CIS hardening components](toe-cis.md)
+ [Amazon managed STIG hardening components for Image Builder](ib-stig.md)

# Distributor package managed component application install for Image Builder Windows images
<a name="mgdcomponent-distributor-win"></a>

AWS Systems Manager Distributor helps you package and publish software to AWS Systems Manager managed nodes. You can package and publish your own software or use Distributor to find and publish AWS-provided agent software packages. For more information about Systems Manager Distributor, see [AWS Systems Manager Distributor](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor.html) in the *AWS Systems Manager User Guide*.

**Managed components for Distributor**  
The following Image Builder managed components use AWS Systems Manager Distributor to install application packages on Windows instances.
+ The `distributor-package-windows` managed component uses AWS Systems Manager Distributor to install application packages that you specify on your Windows image build instance. To configure parameters when you include this component in your recipe, see [Configure `distributor-package-windows` as a standalone component](#mgdcomponent-distributor-config-standalone).
+ The `aws-vss-components-windows` component uses AWS Systems Manager Distributor to install the `AwsVssComponents` package on your Windows image build instance. To configure parameters when you include this component in your recipe, see [Configure `aws-vss-components-windows` as a standalone component](#mgdcomponent-vss-config-standalone).

For more information about how to use managed components in your Image Builder recipe, see [Create a new version of an image recipe](create-image-recipes.md) for image recipes or [Create a new version of a container recipe](create-container-recipes.md) for container recipes. For more information about the `AwsVssComponents` package, see [Create a VSS application-consistent snapshot](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/application-consistent-snapshots.html) in the *Amazon EC2 User Guide*.

## Prerequisites
<a name="mgdcomponent-distributor-prereq"></a>

Before you use Image Builder components that rely on Systems Manager Distributor to install application packages, you must ensure that the following prerequisites are met.
+ Image Builder components that use Systems Manager Distributor to install application packages on your instance need permission to call the Systems Manager API. Before you use the components in an Image Builder recipe, you must create the IAM policy and role that grant permission. To configure permissions, see [Configure Systems Manager Distributor permissions](#mgdcomponent-distributor-permissions).

**Note**  
Image Builder doesn't currently support Systems Manager Distributor packages that reboot the instance. For example, the `AWSNVMe`, `AWSPVDrivers`, and `AwsEnaNetworkDriver` Distributor packages reboot the instance, and so are not allowed.

## Configure Systems Manager Distributor permissions
<a name="mgdcomponent-distributor-permissions"></a>

The `distributor-package-windows` component and other components that use it, such as `aws-vss-components-windows`, require additional permission on the build instance to run. The build instance must be able to call the Systems Manager API to begin a Distributor installation and poll for the result.

Follow these procedures in the AWS Management Console to create a custom IAM policy and role that grant permission for Image Builder components to install Systems Manager Distributor packages from the build instance.

**Step 1: Create a policy**  
Create an IAM policy for Distributor permissions.

1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).

1. In the navigation pane, choose **Policies**, and then choose **Create policy**.

1. On the **Create policy** page, choose the **JSON** tab, and then replace the default content with the following JSON policy, substituting partition, Region, and account ID as necessary, or using wildcards.

------
#### [ JSON ]

****  

   ```
   {
       "Version":"2012-10-17",		 	 	 
       "Statement": [
           {
               "Sid": "AllowDistributorSendCommand",
               "Effect": "Allow",
               "Action": "ssm:SendCommand",
               "Resource": [
                   "arn:aws:ssm:*::document/AWS-ConfigureAWSPackage",
                   "arn:aws:ec2:*:111122223333:instance/*"
               ]
           },
           {
               "Sid": "AllowGetCommandInvocation",
               "Effect": "Allow",
               "Action": "ssm:GetCommandInvocation",
               "Resource": "*"
           }
       ]
   }
   ```

------

1. Choose **Review policy**.

1. For **Name**, enter a name to identify the policy, such as `InvokeDistributor` or another name that you prefer.

1. (Optional) For **Description**, enter a description of the role's purpose.

1. Choose **Create policy**.

**Step 2: Create a role**  
Create an IAM role for Distributor permissions.

1. From the IAM console navigation pane, choose **Roles**, and then choose **Create role**.

1. Under **Select type of trusted entity**, choose **AWS service**.

1. Immediately under **Choose the service that will use this role**, choose **EC2**, and then choose **Next: Permissions**.

1. Under **Select your use case**, choose **EC2**, and then choose **Next: Permissions**.

1. In the list of policies, select the check box next to **AmazonSSMManagedInstanceCore**. (Type `SSM` in the search box if you need to narrow the list.)

1. In this list of policies, choose the box next to **EC2InstanceProfileForImageBuilder**. (Type `ImageBuilder` in the search box if you need to narrow the list.)

1. Choose **Next: Tags**.

1. (Optional) Add one or more tag key value pairs to organize, track, or control access for this role, and then choose **Next: Review**.

1. For **Role name**, enter a name for the role, such as `InvokeDistributor` or another name that you prefer.

1. (Optional) For **Role description**, replace the default text with a description of this role's purpose.

1. Choose **Create role**. The system returns you to the **Roles** page.

**Step 3: Attach the policy to the role**  
The final step to set up your Distributor permissions is to attach the IAM policy to the IAM role.

1. From the **Roles** page in the IAM console, choose the role that you just created. The role **Summary page** opens.

1. Choose **Attach policies**.

1. Search for the policy that you created in the previous procedure and select the check box next to the name.

1. Choose **Attach policy**.

Use this role in the Image Builder Infrastructure Configuration resource for any image that includes components that use Systems Manager Distributor. For more information, see [Create an infrastructure configuration](create-infra-config.md).

## Configure `distributor-package-windows` as a standalone component
<a name="mgdcomponent-distributor-config-standalone"></a>

To use the `distributor-package-windows` component in a recipe, set the following parameters that configure the package to install.

**Note**  
Before you use the `distributor-package-windows` component in a recipe, you must ensure that all of the [Prerequisites](#mgdcomponent-distributor-prereq) are met.
+ **Action** (Required) – Specify whether to install or uninstall the package. Valid values include `Install` and `Uninstall`. The value defaults to `Install`.
+ **PackageName** (Required) – The name of the Distributor package to install or uninstall. For a list of valid package names, see [Find Distributor packages](#mgdcomponent-distributor-find-pkg).
+ **PackageVersion** (Optional) – The version of the Distributor package to install. PackageVersion defaults to the recommended version.
+ **AdditionalArguments** (Optional) – A JSON string that contains the additional parameters to provide to your script to install, uninstall, or update a package. For more information, see **additionalArguments** in the [aws:configurePackage](https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-command-ssm-plugin-reference.html#aws-configurepackage) **Inputs** section of the **Systems Manager Command document plugin reference** page.

## Configure `aws-vss-components-windows` as a standalone component
<a name="mgdcomponent-vss-config-standalone"></a>

When you use the `aws-vss-components-windows` component in a recipe, you can optionally set the `PackageVersion` parameter to use a specific version of the `AwsVssComponents` package. When you leave out this parameter, the component defaults to use the recommended version of the `AwsVssComponents` package.

**Note**  
Before you use the `aws-vss-components-windows` component in a recipe, you must ensure that all of the [Prerequisites](#mgdcomponent-distributor-prereq) are met.

## Find Distributor packages
<a name="mgdcomponent-distributor-find-pkg"></a>

Amazon and third parties provide public packages that you can install with Systems Manager Distributor.

To view available packages in the AWS Management Console, log into the [AWS Systems Manager console](https://console.aws.amazon.com/systems-manager/;) and choose **Distributor** from the navigation pane. The **Distributor** page shows all of the packages that are available to you. For more information about listing available packages with the AWS CLI, see [View packages (command line)](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-view-packages.html) in the *AWS Systems Manager User Guide*.

You can also create your own private Systems Manager Distributor packages. For more information, see [Create a package](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-create.html) in the *AWS Systems Manager User Guide*.

# CIS hardening components
<a name="toe-cis"></a>

The Center for Internet Security (CIS) is a community-driven nonprofit organization. Their cybersecurity experts work together to develop IT security guidelines that safeguard public and private organizations against cyber threats. Their globally recognized set of best practices, known as CIS Benchmarks, help IT organizations around the world to securely configure their systems. For trending articles, blog posts, podcasts, webinars, and whitepapers, see [CIS Insights](https://www.cisecurity.org/insights) on the *Center for Internet Security* website.

**CIS Benchmarks**  
CIS creates and maintains a set of configuration guidelines, known as the CIS Benchmarks, which provide configuration best practices for specific technologies, including operating systems, cloud platforms, applications, databases, and more. CIS Benchmarks are recognized as an industry standard by organizations and standards such as PCI DSS, HIPAA, DoD Cloud Computing SRG, FISMA, DFARS, and FEDRAMP. To learn more, see [CIS Benchmarks](https://www.cisecurity.org/benchmark) on the *Center for Internet Security* website.

**CIS hardening components**  
When you subscribe to a CIS Hardened Image in AWS Marketplace, you also get access to the associated hardening component that runs a script to enforce CIS Benchmarks Level 1 guidelines for your configuration. The CIS organization owns and maintains CIS hardening components to ensure that they reflect the latest guidelines.

**Note**  
CIS hardening components don't follow the standard component ordering rules in Image Builder recipes. The CIS hardening components always run last to ensure that the benchmark tests run against your output image.

# Amazon managed STIG hardening components for Image Builder
<a name="ib-stig"></a>

Security Technical Implementation Guides (STIGs) are the configuration hardening standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. To make your systems compliant with STIG standards, you must install, configure, and test a variety of security settings.

Image Builder provides STIG hardening components to help you more efficiently build compliant images for baseline STIG standards. These STIG components scan for misconfigurations and run a remediation script. There are no additional charges for using STIG-compliant components.

**Important**  
With few exceptions, unless specified through parameters, STIG hardening components do not install third-party packages. If third-party packages are already installed on the instance, and if there are related STIGs that Image Builder supports for that package, the hardening component applies them.

This page lists all STIGs that Image Builder supports that are applied to the EC2 instances that Image Builder launches when you build and test a new image. If you want to apply additional STIG settings to your image, you can create a custom component to configure it. For more information about custom components and how to create them, see [Use components to customize your Image Builder image](manage-components.md).

When you create an image, the STIG hardening components log whether supported STIGs are applied or skipped. We recommend that you review the Image Builder logs for your images that use STIG hardening components. For more information about how to access and review Image Builder logs, see [Troubleshoot pipeline builds](troubleshooting.md#troubleshooting-pipelines).

**Compliance levels**
+ **High (Category I) **

  The most severe risk. Includes any vulnerability that can result in loss of confidentiality, availability, or integrity.
+ **Medium (Category II) **

  Includes any vulnerability that can result in loss of confidentiality, availability, or integrity, but the risks can be mitigated.
+ **Low (Category III) **

  Any vulnerability that degrades measures to protect against loss of confidentiality, availability, or integrity.

**Topics**
+ [Windows STIG hardening components](#windows-os-stig)
+ [STIG version history log for Windows](#ib-windows-version-hist)
+ [Linux STIG hardening components](#linux-os-stig)
+ [STIG version history log for Linux](#ib-linux-version-hist)
+ [SCAP compliance validator component](#scap-compliance)

## Windows STIG hardening components
<a name="windows-os-stig"></a>

AWSTOE Windows STIG hardening components are designed for standalone servers and apply Local Group Policy. STIG-compliant hardening components install and update the Department of Defense (DoD) certificates. They also remove unnecessary certificates to maintain STIG compliance. Currently, STIG baselines are supported for the following versions of Windows Server: 2012 R2, 2016, 2019, 2022, and 2025.

This section lists current settings for each of the Windows STIG hardening components, followed by a version history log.

### Windows STIG Low (Category III)
<a name="ib-windows-stig-low"></a>

The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=windows). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).
+ **Windows Server 2025 STIG Version 1 Release 1**

  V-278082, V-278083, V-278084, V-278085, V-278098, V-278104, V-278110, and V-278231
+ **Windows Server 2022 STIG Version 2 Release 7**

  V-254335, V-254336, V-254337, V-254338, V-254351, V-254357, V-254363, and V-254481
+ **Windows Server 2019 STIG Version 3 Release 7**

  V-205691, V-205819, V-205858, V-205859, V-205860, V-205870, V-205871, and V-205923
+ **Windows Server 2016 STIG Version 2 Release 10**

  V-224916, V-224917, V-224918, V-224919, V-224931, V-224942, and V-225060
+ **Windows Server 2012 R2 MS STIG Version 3 Release 5**

  V-225250, V-225318, V-225319, V-225324, V-225327, V-225328, V-225330, V-225331, V-225332, V-225333, V-225334, V-225335, V-225336, V-225342, V-225343, V-225355, V-225357, V-225358, V-225359, V-225360, V-225362, V-225363, V-225376, V-225392, V-225394, V-225412, V-225459, V-225460, V-225462, V-225468, V-225473, V-225476, V-225479, V-225480, V-225481, V-225482, V-225483, V-225484, V-225485, V-225487, V-225488, V-225489, V-225490, V-225511, V-225514, V-225525, V-225526, V-225536, and V-225537
+ **Microsoft .NET Framework 4.0 STIG Version 2 Release 7**

  No STIG settings are applied to the Microsoft .NET Framework for Category III vulnerabilities.
+ **Windows Firewall STIG Version 2 Release 2**

  V-241994, V-241995, V-241996, V-241999, V-242000, V-242001, V-242006, V-242007, and V-242008
+ **Internet Explorer 11 STIG Version 2 Release 6**

  V-223056 and V-223078
+ **Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)**

  V-235727, V-235731, V-235751, V-235752, and V-235765
+ **Microsoft Defender STIG Version 2 Release 7**

  No STIG settings are applied to the Microsoft Antivirus for Category III vulnerabilities.

### Windows STIG Medium (Category II)
<a name="ib-windows-stig-medium"></a>

The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=windows). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Windows STIG Medium hardening components include all listed STIG settings that AWSTOE applies for Windows STIG Low hardening components, in addition to the STIG settings that are listed specifically for Category II vulnerabilities.
+ **Windows Server 2025 STIG Version 1 Release 1**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-278015, V-278016, V-278019, V-278020, V-278021, V-278022, V-278023, V-278024, V-278025, V-278026, V-278033, V-278034, V-278035, V-278036, V-278037, V-278038, V-278039, V-278047, V-278048, V-278049, V-278050, V-278051, V-278052, V-278053, V-278054, V-278055, V-278056, V-278057, V-278058, V-278059, V-278060, V-278061, V-278062, V-278063, V-278064, V-278065, V-278066, V-278067, V-278068, V-278069, V-278070, V-278071, V-278072, V-278073, V-278074, V-278075, V-278076, V-278077, V-278078, V-278079, V-278080, V-278086, V-278088, V-278089, V-278091, V-278092, V-278093, V-278094, V-278095, V-278096, V-278097, V-278102, V-278103, V-278105, V-278106, V-278107, V-278108, V-278109, V-278111, V-278112, V-278113, V-278114, V-278115, V-278116, V-278117, V-278118, V-278119, V-278120, V-278122, V-278123, V-278124, V-278126, V-278127, V-278129, V-278130, V-278131, V-278165, V-278168, V-278169, V-278170, V-278171, V-278174, V-278180, V-278181, V-278182, V-278183, V-278184, V-278185, V-278187, V-278188, V-278189, V-278192, V-278193, V-278194, V-278195, V-278198, V-278199, V-278200, V-278201, V-278202, V-278203, V-278204, V-278205, V-278206, V-278209, V-278210, V-278211, V-278212, V-278213, V-278214, V-278218, V-278220, V-278221, V-278222, V-278223, V-278226, V-278227, V-278228, V-278229, V-278230, V-278232, V-278233, V-278234, V-278235, V-278236, V-278237, V-278238, V-278239, V-278240, V-278241, V-278243, V-278244, V-278245, V-278247, V-278248, V-278249, V-278251, V-278252, V-278253, V-278254, V-278255, V-278256, V-278257, V-278258, V-278259, V-278260, V-278261, V-278262, V-279916, V-279917, V-279918, V-279919, V-279920, V-279921, V-279922, and V-279923
+ **Windows Server 2022 STIG Version 2 Release 7**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-254247, V-254269, V-254270, V-254271, V-254272, V-254273, V-254274, V-254275, V-254276, V-254277, V-254278, V-254285, V-254286, V-254287, V-254288, V-254289, V-254290, V-254291, V-254292, V-254296, V-254297, V-254298, V-254299, V-254300, V-254301, V-254302, V-254303, V-254304, V-254305, V-254307, V-254309, V-254311, V-254312, V-254313, V-254314, V-254315, V-254316, V-254319, V-254320, V-254321, V-254322, V-254323, V-254324, V-254325, V-254326, V-254327, V-254328, V-254329, V-254330, V-254331, V-254332, V-254333, V-254334, V-254339, V-254341, V-254342, V-254344, V-254345, V-254346, V-254347, V-254348, V-254349, V-254350, V-254355, V-254356, V-254358, V-254359, V-254360, V-254361, V-254362, V-254364, V-254365, V-254366, V-254367, V-254368, V-254369, V-254370, V-254371, V-254372, V-254373, V-254375, V-254376, V-254377, V-254379, V-254380, V-254382, V-254383, V-254384, V-254431, V-254433, V-254434, V-254435, V-254436, V-254438, V-254439, V-254440, V-254442, V-254443, V-254444, V-254445, V-254447, V-254448, V-254449, V-254450, V-254451, V-254452, V-254453, V-254454, V-254455, V-254456, V-254459, V-254460, V-254461, V-254462, V-254463, V-254464, V-254468, V-254470, V-254471, V-254472, V-254473, V-254476, V-254477, V-254478, V-254479, V-254480, V-254482, V-254483, V-254484, V-254485, V-254486, V-254487, V-254488, V-254489, V-254491, V-254493, V-254494, V-254495, V-254497, V-254498, V-254499, V-254501, V-254502, V-254503, V-254504, V-254505, V-254506, V-254507, V-254508, V-254509, V-254510, V-254511, V-254512, V-278942, V-278943, V-278944, V-278945, V-278946, V-278947, V-278948, and V-278949
+ **Windows Server 2019 STIG Version 3 Release 7**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-205625, V-205626, V-205627, V-205629, V-205630, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205640, V-205641, V-205642, V-205643, V-205644, V-205648, V-205649, V-205650, V-205651, V-205652, V-205655, V-205656, V-205659, V-205660, V-205662, V-205671, V-205672, V-205673, V-205675, V-205676, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205692, V-205693, V-205694, V-205697, V-205698, V-205708, V-205709, V-205712, V-205714, V-205716, V-205717, V-205718, V-205719, V-205720, V-205722, V-205730, V-205731, V-205733, V-205747, V-205748, V-205749, V-205751, V-205752, V-205754, V-205755, V-205756, V-205758, V-205759, V-205760, V-205761, V-205762, V-205763, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205795, V-205796, V-205797, V-205798, V-205801, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205830, V-205832, V-205833, V-205835, V-205836, V-205837, V-205838, V-205842, V-205861, V-205863, V-205865, V-205866, V-205867, V-205868, V-205869, V-205872, V-205873, V-205874, V-205909, V-205910, V-205911, V-205912, V-205915, V-205916, V-205917, V-205918, V-205920, V-205921, V-205922, V-205925, V-257503, V-278934, V-278935, V-278936, V-278937, V-278938, V-278939, V-278940, and V-278941
+ **Windows Server 2016 STIG Version 2 Release 10**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-224850, V-224851, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224877, V-224878, V-224879, V-224880, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224888, V-224890, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224920, V-224921, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224955, V-224956, V-224957, V-224959, V-224960, V-224962, V-224963, V-224965, V-224966, V-224967, V-224968, V-224969, V-224987, V-224988, V-224989, V-224995, V-224996, V-224997, V-224998, V-224999, V-225000, V-225001, V-225002, V-225003, V-225004, V-225005, V-225008, V-225009, V-225010, V-225011, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225020, V-225021, V-225022, V-225023, V-225024, V-225026, V-225027, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225047, V-225049, V-225050, V-225051, V-225052, V-225055, V-225056, V-225057, V-225058, V-225059, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225070, V-225072, V-225073, V-225074, V-225076, V-225077, V-225078, V-225080, V-225081, V-225082, V-225083, V-225084, V-225085, V-225086, V-225087, V-225088, V-225089, V-225092, V-225093, and V-257502
+ **Windows Server 2012 R2 MS STIG Version 3 Release 5**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-225239, V-225259, V-225260, V-225261, V-225263, V-225264, V-225265, V-225266, V-225267, V-225268, V-225269, V-225270, V-225271, V-225272, V-225273, V-225275, V-225276, V-225277, V-225278, V-225279, V-225280, V-225281, V-225282, V-225283, V-225284, V-225285, V-225286, V-225287, V-225288, V-225289, V-225290, V-225291, V-225292, V-225293, V-225294, V-225295, V-225296, V-225297, V-225298, V-225299, V-225300, V-225301, V-225302, V-225303, V-225304, V-225305, V-225314, V-225315, V-225316, V-225317, V-225325, V-225326, V-225329, V-225337, V-225338, V-225339, V-225340, V-225341, V-225344, V-225345, V-225346, V-225347, V-225348, V-225349, V-225350, V-225351, V-225352, V-225353, V-225356, V-225367, V-225368, V-225369, V-225370, V-225371, V-225372, V-225373, V-225374, V-225375, V-225377, V-225378, V-225379, V-225380, V-225381, V-225382, V-225383, V-225384, V-225385, V-225386, V-225389, V-225391, V-225393, V-225395, V-225397, V-225398, V-225400, V-225401, V-225402, V-225404, V-225405, V-225406, V-225407, V-225408, V-225409, V-225410, V-225411, V-225413, V-225414, V-225415, V-225441, V-225442, V-225443, V-225448, V-225452, V-225453, V-225454, V-225455, V-225456, V-225457, V-225458, V-225461, V-225463, V-225464, V-225469, V-225470, V-225471, V-225472, V-225474, V-225475, V-225477, V-225478, V-225486, V-225494, V-225500, V-225501, V-225502, V-225503, V-225504, V-225506, V-225508, V-225509, V-225510, V-225513, V-225515, V-225516, V-225517, V-225518, V-225519, V-225520, V-225521, V-225522, V-225523, V-225524, V-225527, V-225528, V-225529, V-225530, V-225531, V-225532, V-225533, V-225534, V-225535, V-225538, V-225539, V-225540, V-225541, V-225542, V-225543, V-225544, V-225545, V-225546, V-225548, V-225549, V-225550, V-225551, V-225553, V-225554, V-225555, V-225557, V-225558, V-225559, V-225560, V-225561, V-225562, V-225563, V-225564, V-225565, V-225566, V-225567, V-225568, V-225569, V-225570, V-225571, V-225572, V-225573, and V-225574
+ **Microsoft .NET Framework 4.0 STIG Version 2 Release 7**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-225223, V-225230, V-225235, and V-225238
+ **Windows Firewall STIG Version 2 Release 2**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-241989, V-241990, V-241991, V-241993, V-241998, V-242003, V-242004, and V-242005
+ **Internet Explorer 11 STIG Version 2 Release 6**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-223015, V-223017, V-223018, V-223019, V-223020, V-223021, V-223022, V-223023, V-223024, V-223025, V-223026, V-223027, V-223028, V-223029, V-223030, V-223031, V-223032, V-223033, V-223034, V-223035, V-223036, V-223037, V-223038, V-223039, V-223040, V-223041, V-223042, V-223043, V-223044, V-223045, V-223046, V-223048, V-223049, V-223050, V-223051, V-223052, V-223053, V-223054, V-223055, V-223057, V-223058, V-223059, V-223060, V-223061, V-223062, V-223063, V-223064, V-223065, V-223066, V-223067, V-223068, V-223069, V-223070, V-223071, V-223072, V-223073, V-223074, V-223075, V-223076, V-223077, V-223079, V-223080, V-223081, V-223082, V-223083, V-223084, V-223085, V-223086, V-223087, V-223088, V-223089, V-223090, V-223091, V-223092, V-223093, V-223094, V-223095, V-223096, V-223097, V-223098, V-223099, V-223100, V-223101, V-223102, V-223103, V-223104, V-223105, V-223106, V-223107, V-223108, V-223109, V-223110, V-223111, V-223112, V-223113, V-223114, V-223115, V-223116, V-223117, V-223118, V-223119, V-223120, V-223121, V-223123, V-223125, V-223126, V-223127, V-223128, V-223129, V-223130, V-223131, V-223132, V-223133, V-223134, V-223135, V-223136, V-223137, V-223138, V-223139, V-223140, V-223141, V-223142, V-223143, V-223144, V-223145, V-223146, V-223147, V-223148, V-223149, V-250540, and V-250541
+ **Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-235720, V-235721, V-235723, V-235724, V-235725, V-235726, V-235728, V-235729, V-235730, V-235732, V-235733, V-235734, V-235735, V-235736, V-235737, V-235738, V-235739, V-235740, V-235741, V-235742, V-235743, V-235744, V-235745, V-235746, V-235747, V-235748, V-235749, V-235750, V-235754, V-235756, V-235760, V-235761, V-235763, V-235764, V-235766, V-235767, V-235768, V-235769, V-235770, V-235771, V-235772, V-235773, V-235774, and V-246736
+ **Microsoft Defender STIG Version 2 Release 7**

  Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:

  V-213427, V-213429, V-213430, V-213431, V-213432, V-213433, V-213434, V-213435, V-213436, V-213437, V-213438, V-213439, V-213440, V-213441, V-213442, V-213443, V-213444, V-213445, V-213446, V-213447, V-213448, V-213449, V-213450, V-213451, V-213454, V-213455, V-213456, V-213457, V-213458, V-213459, V-213460, V-213461, V-213462, V-213463, V-213464, V-213465, V-213466, V-278647, V-278648, V-278649, V-278650, V-278651, V-278652, V-278653, V-278654, V-278655, V-278656, V-278658, V-278659, V-278660, V-278661, V-278662, V-278668, V-278669, V-278672, V-278674, V-278675, V-278676, V-278677, V-278678, V-278679, V-278680, and V-278863

### Windows STIG High (Category I)
<a name="ib-windows-stig-high"></a>

The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=windows). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Windows STIG High hardening components include all listed STIG settings that AWSTOE applies for Windows STIG Low and Windows STIG Medium hardening components, in addition to the STIG settings that are listed specifically for Category I vulnerabilities.
+ **Windows Server 2025 STIG Version 1 Release 1**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-278040, V-278099, V-278100, V-278101, V-278121, V-278125, V-278128, V-278196, V-278215, V-278216, V-278217, V-278219, V-278225, V-278242, V-278246, and V-278250
+ **Windows Server 2022 STIG Version 2 Release 7**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-254250, V-254293, V-254352, V-254353, V-254354, V-254374, V-254378, V-254381, V-254446, V-254466, V-254467, V-254469, V-254474, V-254475, V-254492, V-254496, and V-254500
+ **Windows Server 2019 STIG Version 3 Release 7**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-205653, V-205654, V-205663, V-205711, V-205713, V-205724, V-205725, V-205750, V-205753, V-205757, V-205802, V-205804, V-205805, V-205806, V-205849, V-205908, V-205914, and V-205919
+ **Windows Server 2016 STIG Version 2 Release 10**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-224831, V-224874, V-224932, V-224933, V-224934, V-224954, V-224958, V-224961, V-225025, V-225045, V-225046, V-225048, V-225053, V-225054, V-225071, V-225079, and V-225091
+ **Windows Server 2012 R2 MS STIG Version 3 Release 5**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-225274, V-225354, V-225364, V-225365, V-225366, V-225390, V-225396, V-225399, V-225444, V-225449, V-225491, V-225492, V-225493, V-225496, V-225497, V-225498, V-225505, V-225507, V-225547, V-225552, and V-225556
+ **Microsoft .NET Framework 4.0 STIG Version 2 Release 7**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for the Microsoft .NET Framework. No additional STIG settings apply for Category I vulnerabilities.
+ **Windows Firewall STIG Version 2 Release 2**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-241992, V-241997, and V-242002
+ **Internet Explorer 11 STIG Version 2 Release 6**

  V-252910
+ **Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-235758 and V-235759
+ **Microsoft Defender STIG Version 2 Release 7**

  Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-213426, V-213428, V-213452, and V-213453

## STIG version history log for Windows
<a name="ib-windows-version-hist"></a>

This section logs Windows hardening component version history for the quarterly STIG updates. To see the changes and published versions for a quarter, choose the title to expand the information.

### 2026 Q1 changes - 3/10/2026:
<a name="2026-q1-windows"></a>

Added support for Windows Server 2025 and updated all applicable STIGs to first quarter 2026.

**STIG-Build-Windows**
+ Windows Server 2025 STIG Version 1 Release 1
+ Windows Server 2022 STIG Version 2 Release 7
+ Windows Server 2019 STIG Version 3 Release 7
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 7
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 8
+ Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)

### 2025 Q3 changes - 9/04/2025 (no changes):
<a name="2025-q3-windows"></a>

There were no changes for Windows component STIGS for the 2025 third quarter release.

### 2025 Q2 changes - 06/26/2025:
<a name="2025-q2-windows"></a>

Updated STIG versions and applied STIGS for the 2025 Q2 release as follows:

**STIG-Build-Windows-Low version 2025.2.x**
+ Windows Server 2022 STIG Version 2 Release 4
+ Windows Server 2019 STIG Version 3 Release 4
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 6
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

**STIG-Build-Windows-Medium version 2025.2.x**
+ Windows Server 2022 STIG Version 2 Release 4
+ Windows Server 2019 STIG Version 3 Release 4
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 6
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

**STIG-Build-Windows-High version 2025.2.x**
+ Windows Server 2022 STIG Version 2 Release 4
+ Windows Server 2019 STIG Version 3 Release 4
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 6
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

### 2025 Q1 changes - 05/04/2025:
<a name="2025-q1-windows"></a>

Updated STIGS for Internet Explorer 11 STIG Version 2 Release 5 for all STIG components for the 2025 first quarter release.
+ STIG-Build-Windows-Low version 2025.1.x
+ STIG-Build-Windows-Medium version 2025.1.x
+ STIG-Build-Windows-High version 2025.1.x

### 2024 Q4 changes - 02/04/2025:
<a name="2024-q4-windows"></a>

Updated STIG versions and applied STIGS for the 2024 Q4 release as follows:

**STIG-Build-Windows-Low version 2024.4.0**
+ Windows Server 2022 STIG Version 2 Release 2
+ Windows Server 2019 STIG Version 3 Release 2
+ Windows Server 2016 STIG Version 2 Release 9
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

**STIG-Build-Windows-Medium version 2024.4.0**
+ Windows Server 2022 STIG Version 2 Release 2
+ Windows Server 2019 STIG Version 3 Release 2
+ Windows Server 2016 STIG Version 2 Release 9
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

**STIG-Build-Windows-High version 2024.4.0**
+ Windows Server 2022 STIG Version 2 Release 2
+ Windows Server 2019 STIG Version 3 Release 2
+ Windows Server 2016 STIG Version 2 Release 9
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

### 2024 Q3 changes - 10/04/2023 (no changes):
<a name="2024-q3-windows"></a>

There were no changes for Windows component STIGS for the 2024 third quarter release.

### 2024 Q2 changes - 05/10/2024 (no changes):
<a name="2024-q2-windows"></a>

There were no changes for Windows component STIGS for the 2024 second quarter release.

### 2024 Q1 changes - 02/06/2024 (no changes):
<a name="2024-q1-windows"></a>

There were no changes for Windows component STIGS for the 2024 first quarter release.

### 2023 Q4 changes - 12/04/2023 (no changes):
<a name="2023-q4-windows"></a>

There were no changes for Windows component STIGS for the 2023 fourth quarter release.

### 2023 Q3 changes - 10/04/2023 (no changes):
<a name="2023-q3-windows"></a>

There were no changes for Windows component STIGS for the 2023 third quarter release.

### 2023 Q2 changes - 05/03/2023 (no changes):
<a name="2023-q2-windows"></a>

There were no changes for Windows component STIGS for the 2023 second quarter release.

### 2023 Q1 changes - 03/27/2023 (no changes):
<a name="2023-q1-windows"></a>

There were no changes for Windows component STIGS for the 2023 first quarter release.

### 2022 Q4 changes - 02/01/2023:
<a name="2022-q4-windows"></a>

Updated STIG versions and applied STIGS for the 2022 Q4 release as follows:

**STIG-Build-Windows-Low version 2022.4.x**
+ Windows Server 2022 STIG Version 1 Release 1
+ Windows Server 2019 STIG Version 2 Release 5
+ Windows Server 2016 STIG Version 2 Release 5
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 2 Release 3
+ Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)

**STIG-Build-Windows-Medium version 2022.4.x**
+ Windows Server 2022 STIG Version 1 Release 1
+ Windows Server 2019 STIG Version 2 Release 5
+ Windows Server 2016 STIG Version 2 Release 5
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 2 Release 3
+ Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4 (Windows Server 2022 only)

**STIG-Build-Windows-High version 2022.4.x**
+ Windows Server 2022 STIG Version 1 Release 1
+ Windows Server 2019 STIG Version 2 Release 5
+ Windows Server 2016 STIG Version 2 Release 5
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 2 Release 3
+ Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4 (Windows Server 2022 only)

### 2022 Q3 changes - 09/30/2022 (no changes):
<a name="2022-q3-windows"></a>

There were no changes for Windows component STIGS for the 2022 third quarter release.

### 2022 Q2 changes - 08/02/2022:
<a name="2022-q2-windows"></a>

Updated STIG versions and applied STIGS for the 2022 Q2 release.

**STIG-Build-Windows-Low version 1.5.x**
+ Windows Server 2019 STIG Version 2 Release 4
+ Windows Server 2016 STIG Version 2 Release 4
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**STIG-Build-Windows-Medium version 1.5.x**
+ Windows Server 2019 STIG Version 2 Release 4
+ Windows Server 2016 STIG Version 2 Release 4
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**STIG-Build-Windows-High version 1.5.x**
+ Windows Server 2019 STIG Version 2 Release 4
+ Windows Server 2016 STIG Version 2 Release 4
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

### 2022 Q1 changes - 08/02/2022 (no changes):
<a name="2022-q1-windows"></a>

There were no changes for Windows component STIGS for the 2022 first quarter release.

### 2021 Q4 changes - 12/20/2021:
<a name="2021-q4-windows"></a>

Updated STIG versions and applied STIGS for the 2021 fourth quarter release.

**STIG-Build-Windows-Low version 1.5.x**
+ Windows Server 2019 STIG Version 2 Release 3
+ Windows Server 2016 STIG Version 2 Release 3
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**STIG-Build-Windows-Medium version 1.5.x**
+ Windows Server 2019 STIG Version 2 Release 3
+ Windows Server 2016 STIG Version 2 Release 3
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**STIG-Build-Windows-High version 1.5.x**
+ Windows Server 2019 STIG Version 2 Release 3
+ Windows Server 2016 STIG Version 2 Release 3
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

### 2021 Q3 changes - 09/30/2021:
<a name="2021-q3-windows"></a>

Updated STIG versions and applied STIGS for the 2021 third quarter release.

**STIG-Build-Windows-Low version 1.4.x**
+ Windows Server 2019 STIG Version 2 Release 2
+ Windows Server 2016 STIG Version 2 Release 2
+ Windows Server 2012 R2 MS STIG Version 3 Release 2
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 1 Release 7
+ Internet Explorer 11 STIG Version 1 Release 19

**STIG-Build-Windows-Medium version 1.4.x**
+ Windows Server 2019 STIG Version 2 Release 2
+ Windows Server 2016 STIG Version 2 Release 2
+ Windows Server 2012 R2 MS STIG Version 3 Release 2
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 1 Release 7
+ Internet Explorer 11 STIG Version 1 Release 19

**STIG-Build-Windows-High version 1.4.x**
+ Windows Server 2019 STIG Version 2 Release 2
+ Windows Server 2016 STIG Version 2 Release 2
+ Windows Server 2012 R2 MS STIG Version 3 Release 2
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 1 Release 7
+ Internet Explorer 11 STIG Version 1 Release 19

## Linux STIG hardening components
<a name="linux-os-stig"></a>

This section contains information about Linux STIG hardening components, followed by a version history log. If the Linux distribution doesn’t have STIG settings of its own, the hardening component applies RHEL settings.

The Linux components have optional input parameters that help you customize the following behaviors for your Linux instance.
+ **Level (string)**   If no value is specified, the default is `High` and will apply all aplicable Low, Medium, and High configurations.
+ **InstallPackages (string)**   If the value is `No`, the component does not install any additional software packages. If the value is `Yes`, the component installs additional software packages that are required for maximum compliance. The default is `No`.
+ **SetDoDConsentBanner (string)**   If the value is `No`, the DoD consent banner is not shown when you attach to an instance that has one of the STIG Linux components installed. If the value is `Yes`, the DoD consent banner is shown before you log in when you attach to an instance that has one of the STIG Linux components installed. You must acknowledge the banner before you can log in. The default is `No`.

  For an example of the consent banner, see the [Disclaimer Department of Defense Privacy and Consent Notice](https://dso.dla.mil/) that appears when you access the DLA Document Services website.

The hardening component applies supported STIG settings to the infrastructure based on the Linux distribution, as follows:

**Red Hat Enterprise Linux (RHEL) 7 STIG settings**
+ RHEL 7
+ CentOS 7
+ Amazon Linux 2 (AL2)

**RHEL 8 STIG settings**
+ RHEL 8
+ CentOS 8

**RHEL 9 STIG settings**
+ RHEL 9
+ CentOS Stream 9

### Linux STIG Low (Category III)
<a name="ib-linux-stig-low"></a>

The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.

For a complete list, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**RHEL 7 STIG Version 3 Release 15**
+ 

**RHEL 7/CentOS 7/AL2**  
V-204452, V-204576, and V-204605

**RHEL 8 STIG Version 2 Release 6**
+ 

**RHEL 8/CentOS 8**  
V-230241, V-230269, V-230270, V-230281, V-230285, V-230346, V-230381, V-230395, V-230468, V-230469, V-230485, V-230486, V-230491, V-230494, V-230495, V-230496, V-230497, V-230498, V-230499, and V-244527

**RHEL 9 STIG Version 2 Release 7**
+ 

**RHEL 9/CentOS Stream 9**  
V-257782, V-257824, V-258138, V-258037, V-257880, V-258069, V-258076, V-258067, V-257946, V-257947, V-257795, V-257796, and V-258173

**Amazon Linux 2023 STIG Version 1 Release 2**

V-274141

**SLES 12 STIG Version 3 Release 4**

V-217108, V-217113, V-217140, V-217198, V-217209, V-217211, V-217212, V-217213, V-217214, V-217215, V-217216, V-217236, V-217237, V-217238, V-217239, V-217282, and V-255915

**SLES 15 STIG Version 2 Release 6**

V-234811, V-234850, V-234868, V-234873, V-234905, V-234907, V-234908, V-234909, V-234933, V-234934, V-234935, V-234936, V-234955, V-234963, V-234967, and V-255921

**Ubuntu 18.04 STIG Version 2 Release 15**

V-219163, V-219164, V-219165, V-219172, V-219173, V-219174, V-219175, V-219178, V-219179, V-219180, V-219210, V-219301, V-219327, V-219332, and V-219333

**Ubuntu 20.04 STIG Version 2 Release 4**

V-238202, V-238203, V-238221, V-238222, V-238223, V-238224, V-238226, V-238234, V-238235, V-238237, V-238308, V-238323, V-238357, V-238362, and V-238373

**Ubuntu 22.04 STIG Version 2 Release 7**

V-260472, V-260476, V-260479, V-260480, V-260481, V-260520, V-260521, V-260549, V-260550, V-260551, V-260552, V-260581, and V-260596

**Ubuntu 24.04 STIG Version 1 Release 4**

V-270645, V-270646, V-270664, V-270677, V-270690, V-270695, V-270706, V-270710, V-270734, V-270749, V-270752, V-270818, and V-270820

### Linux STIG Medium (Category II)
<a name="ib-linux-stig-medium"></a>

The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.

For a complete list, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Linux STIG Medium hardening components include all listed STIG settings that AWSTOE applies for Linux STIG Low hardening components, in addition to the STIG settings that are listed specifically for Category II vulnerabilities.

**RHEL 7 STIG Version 3 Release 15**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
+ 

**RHEL 7/CentOS 7/AL2**  
V-204405, V-204406, V-204407, V-204408, V-204409, V-204410, V-204411, V-204412, V-204413, V-204414, V-204415, V-204416, V-204417, V-204418, V-204420, V-204422, V-204423, V-204426, V-204427, V-204431, V-204434, V-204435, V-204437, V-204449, V-204450, V-204451, V-204457, V-204466, V-204490, V-204491, V-204503, V-204507, V-204508, V-204510, V-204511, V-204512, V-204514, V-204515, V-204516, V-204517, V-204521, V-204524, V-204531, V-204536, V-204537, V-204538, V-204539, V-204540, V-204541, V-204542, V-204543, V-204544, V-204545, V-204546, V-204547, V-204548, V-204549, V-204550, V-204551, V-204552, V-204553, V-204554, V-204555, V-204556, V-204557, V-204558, V-204559, V-204560, V-204562, V-204563, V-204564, V-204565, V-204566, V-204567, V-204568, V-204572, V-204579, V-204584, V-204585, V-204587, V-204588, V-204589, V-204590, V-204591, V-204592, V-204593, V-204596, V-204597, V-204598, V-204599, V-204600, V-204601, V-204602, V-204609, V-204610, V-204611, V-204612, V-204613, V-204614, V-204615, V-204616, V-204617, V-204619, V-204622, V-204625, V-204630, V-204631, V-204633, V-233307, V-237634, V-237635, V-251703, V-255925, V-255927, V-255928, and V-256970

**RHEL 8 STIG Version 2 Release 6**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
+ 

**RHEL 8/CentOS 8**  
V-230222, V-230228, V-230231, V-230233, V-230236, V-230237, V-230238, V-230239, V-230240, V-230240, V-230243, V-230244, V-230245, V-230246, V-230247, V-230248, V-230249, V-230250, V-230255, V-230256, V-230257, V-230258, V-230259, V-230260, V-230261, V-230262, V-230266, V-230267, V-230268, V-230271, V-230273, V-230275, V-230276, V-230277, V-230278, V-230279, V-230280, V-230282, V-230282, V-230286, V-230287, V-230288, V-230290, V-230291, V-230296, V-230298, V-230310, V-230311, V-230312, V-230313, V-230314, V-230315, V-230316, V-230318, V-230319, V-230320, V-230321, V-230322, V-230324, V-230325, V-230326, V-230327, V-230330, V-230332, V-230333, V-230335, V-230337, V-230339, V-230341, V-230343, V-230345, V-230347, V-230348, V-230352, V-230353, V-230354, V-230356, V-230357, V-230358, V-230359, V-230360, V-230361, V-230362, V-230363, V-230365, V-230366, V-230368, V-230369, V-230370, V-230372, V-230373, V-230375, V-230376, V-230377, V-230378, V-230380, V-230382, V-230383, V-230385, V-230386, V-230387, V-230389, V-230390, V-230392, V-230393, V-230394, V-230396, V-230397, V-230398, V-230399, V-230400, V-230401, V-230402, V-230403, V-230404, V-230405, V-230406, V-230407, V-230408, V-230409, V-230410, V-230411, V-230412, V-230413, V-230418, V-230419, V-230421, V-230422, V-230423, V-230424, V-230425, V-230426, V-230427, V-230428, V-230429, V-230430, V-230431, V-230432, V-230433, V-230434, V-230435, V-230436, V-230437, V-230438, V-230439, V-230444, V-230446, V-230447, V-230448, V-230449, V-230455, V-230456, V-230462, V-230463, V-230464, V-230465, V-230466, V-230467, V-230470, V-230471, V-230472, V-230473, V-230474, V-230475, V-230478, V-230480, V-230481, V-230482, V-230483, V-230488, V-230489, V-230493, V-230502, V-230503, V-230505, V-230506, V-230507, V-230523, V-230524, V-230525, V-230526, V-230527, V-230532, V-230535, V-230536, V-230537, V-230538, V-230539, V-230540, V-230541, V-230542, V-230543, V-230544, V-230545, V-230546, V-230547, V-230548, V-230549, V-230550, V-230555, V-230556, V-230557, V-230559, V-230560, V-230561, V-237640, V-237642, V-237643, V-244519, V-244523, V-244524, V-244525, V-244526, V-244528, V-244531, V-244533, V-244535, V-244536, V-244538, V-244539, V-244542, V-244543, V-244544, V-244545, V-244547, V-244550, V-244551, V-244552, V-244553, V-244554, V-250315, V-250315, V-250315, V-250316, V-250316, V-250317, V-251707, V-251708, V-251709, V-251710, V-251711, V-251713, V-251714, V-251715, V-251716, V-251717, V-251718, V-256974, V-257258, V-257258, V-274877, V-279929, V-279930, and V-279931

**RHEL 9 STIG Version 2 Release 7**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
+ 

**RHEL 9/CentOS Stream 9**  
V-257780, V-257781, V-257783, V-257786, V-257788, V-257790, V-257791, V-257792, V-257793, V-257794, V-257797, V-257798, V-257799, V-257800, V-257801, V-257802, V-257803, V-257804, V-257805, V-257806, V-257807, V-257808, V-257809, V-257810, V-257811, V-257812, V-257813, V-257814, V-257815, V-257816, V-257817, V-257818, V-257825, V-257827, V-257828, V-257829, V-257830, V-257831, V-257832, V-257833, V-257834, V-257836, V-257838, V-257839, V-257840, V-257841, V-257842, V-257849, V-257882, V-257883, V-257884, V-257885, V-257886, V-257887, V-257888, V-257889, V-257890, V-257891, V-257892, V-257893, V-257894, V-257895, V-257896, V-257897, V-257898, V-257899, V-257900, V-257901, V-257902, V-257903, V-257904, V-257905, V-257906, V-257907, V-257908, V-257909, V-257910, V-257911, V-257912, V-257913, V-257914, V-257915, V-257916, V-257917, V-257918, V-257919, V-257920, V-257921, V-257922, V-257923, V-257924, V-257925, V-257926, V-257927, V-257928, V-257929, V-257930, V-257933, V-257934, V-257935, V-257936, V-257939, V-257940, V-257942, V-257943, V-257944, V-257948, V-257951, V-257952, V-257953, V-257954, V-257957, V-257958, V-257959, V-257960, V-257961, V-257962, V-257963, V-257964, V-257965, V-257966, V-257967, V-257968, V-257969, V-257970, V-257971, V-257972, V-257973, V-257974, V-257975, V-257976, V-257977, V-257978, V-257979, V-257980, V-257982, V-257983, V-257985, V-257987, V-257988, V-257992, V-257993, V-257994, V-257995, V-257996, V-257997, V-257998, V-257999, V-258000, V-258001, V-258002, V-258003, V-258004, V-258005, V-258006, V-258007, V-258008, V-258009, V-258010, V-258011, V-258028, V-258034, V-258035, V-258038, V-258039, V-258040, V-258041, V-258043, V-258046, V-258049, V-258052, V-258054, V-258055, V-258056, V-258057, V-258060, V-258063, V-258064, V-258065, V-258066, V-258068, V-258070, V-258071, V-258072, V-258073, V-258074, V-258075, V-258077, V-258079, V-258080, V-258081, V-258082, V-258083, V-258084, V-258085, V-258088, V-258089, V-258090, V-258091, V-258092, V-258093, V-258095, V-258097, V-258098, V-258099, V-258100, V-258101, V-258102, V-258103, V-258104, V-258105, V-258107, V-258108, V-258109, V-258110, V-258111, V-258112, V-258113, V-258114, V-258115, V-258116, V-258117, V-258118, V-258119, V-258120, V-258121, V-258122, V-258123, V-258124, V-258125, V-258126, V-258128, V-258129, V-258130, V-258133, V-258137, V-258140, V-258141, V-258142, V-258144, V-258145, V-258146, V-258147, V-258148, V-258150, V-258151, V-258152, V-258153, V-258154, V-258156, V-258157, V-258158, V-258159, V-258160, V-258161, V-258162, V-258163, V-258164, V-258165, V-258166, V-258167, V-258168, V-258169, V-258170, V-258171, V-258172, V-258175, V-258176, V-258177, V-258178, V-258179, V-258180, V-258181, V-258182, V-258183, V-258184, V-258185, V-258186, V-258187, V-258188, V-258189, V-258190, V-258191, V-258192, V-258193, V-258194, V-258195, V-258196, V-258197, V-258198, V-258199, V-258200, V-258201, V-258202, V-258203, V-258204, V-258205, V-258206, V-258207, V-258208, V-258209, V-258210, V-258211, V-258212, V-258213, V-258214, V-258215, V-258216, V-258217, V-258218, V-258219, V-258220, V-258221, V-258222, V-258223, V-258224, V-258225, V-258226, V-258227, V-258228, V-258229, V-258232, V-258233, V-258234, V-258237, V-258239, V-258240, V-270174, V-270175, V-270176, V-270177, V-272488, and V-279936

**Amazon Linux 2023 STIG Version 1 Release 2**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-273995, V-274000, V-274001, V-274002, V-274003, V-274004, V-274005, V-274006, V-274008, V-274009, V-274010, V-274011, V-274012, V-274013, V-274014, V-274017, V-274018, V-274019, V-274020, V-274021, V-274022, V-274023, V-274024, V-274026, V-274027, V-274028, V-274030, V-274031, V-274032, V-274033, V-274034, V-274035, V-274036, V-274037, V-274040, V-274041, V-274042, V-274044, V-274045, V-274047, V-274048, V-274049, V-274050, V-274051, V-274053, V-274054, V-274059, V-274061, V-274062, V-274069, V-274070, V-274071, V-274072, V-274073, V-274074, V-274075, V-274076, V-274077, V-274078, V-274079, V-274081, V-274082, V-274083, V-274084, V-274085, V-274086, V-274087, V-274088, V-274089, V-274090, V-274091, V-274092, V-274093, V-274094, V-274095, V-274096, V-274097, V-274098, V-274099, V-274100, V-274101, V-274102, V-274103, V-274104, V-274105, V-274106, V-274107, V-274108, V-274109, V-274110, V-274111, V-274112, V-274113, V-274114, V-274115, V-274116, V-274117, V-274119, V-274120, V-274121, V-274122, V-274123, V-274124, V-274125, V-274126, V-274127, V-274128, V-274129, V-274130, V-274131, V-274132, V-274133, V-274134, V-274135, V-274136, V-274137, V-274138, V-274139, V-274140, V-274142, V-274143, V-274144, V-274145, V-274147, V-274149, V-274151, V-274152, V-274154, V-274155, V-274156, V-274157, V-274160, V-274161, V-274162, V-274163, V-274164, V-274165, V-274166, V-274167, V-274168, V-274169, V-274170, V-274173, V-274177, V-274181, V-274182, V-274185, and V-274187

**SLES 12 STIG Version 3 Release 4**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-217102, V-217105, V-217105, V-217106, V-217106, V-217110, V-217116, V-217117, V-217118, V-217119, V-217120, V-217121, V-217122, V-217124, V-217125, V-217126, V-217127, V-217128, V-217130, V-217134, V-217138, V-217143, V-217147, V-217152, V-217153, V-217154, V-217155, V-217156, V-217158, V-217161, V-217163, V-217166, V-217167, V-217168, V-217169, V-217170, V-217171, V-217182, V-217183, V-217188, V-217190, V-217191, V-217194, V-217195, V-217196, V-217197, V-217200, V-217201, V-217202, V-217203, V-217204, V-217205, V-217206, V-217207, V-217208, V-217210, V-217217, V-217218, V-217223, V-217227, V-217230, V-217240, V-217241, V-217242, V-217243, V-217244, V-217245, V-217246, V-217247, V-217248, V-217249, V-217250, V-217251, V-217252, V-217253, V-217254, V-217255, V-217257, V-217258, V-217260, V-217265, V-217266, V-217267, V-217269, V-217272, V-217273, V-217274, V-217275, V-217276, V-217277, V-217278, V-217279, V-217280, V-217283, V-217284, V-217286, V-217287, V-217288, V-217289, V-217290, V-217291, V-217292, V-217293, V-217294, V-217295, V-217296, V-217299, V-217300, V-217301, V-217302, V-233308, V-237605, V-237606, V-237607, V-237608, V-237609, V-237610, V-237611, V-237612, V-237613, V-237614, V-237615, V-237616, V-237617, V-237618, V-237619, V-237620, V-237621, V-237622, V-237623, V-251720, V-251722, V-255914, and V-256981

**SLES 15 STIG Version 2 Release 6**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-234802, V-234807, V-234808, V-234809, V-234813, V-234815, V-234817, V-234821, V-234822, V-234823, V-234825, V-234827, V-234828, V-234829, V-234830, V-234832, V-234833, V-234834, V-234835, V-234836, V-234837, V-234838, V-234839, V-234840, V-234841, V-234842, V-234843, V-234844, V-234845, V-234848, V-234854, V-234855, V-234856, V-234857, V-234858, V-234861, V-234862, V-234863, V-234869, V-234870, V-234875, V-234878, V-234880, V-234881, V-234882, V-234883, V-234884, V-234885, V-234886, V-234887, V-234888, V-234889, V-234891, V-234895, V-234896, V-234897, V-234899, V-234900, V-234901, V-234902, V-234903, V-234904, V-234906, V-234910, V-234911, V-234912, V-234913, V-234914, V-234918, V-234924, V-234928, V-234932, V-234937, V-234938, V-234939, V-234940, V-234941, V-234942, V-234943, V-234944, V-234945, V-234946, V-234947, V-234948, V-234949, V-234950, V-234951, V-234952, V-234954, V-234956, V-234957, V-234958, V-234959, V-234961, V-234962, V-234964, V-234966, V-234969, V-234973, V-234975, V-234976, V-234977, V-234978, V-234979, V-234981, V-234982, V-234983, V-234991, V-235002, V-235003, V-235007, V-235008, V-235009, V-235010, V-235013, V-235014, V-235015, V-235016, V-235017, V-235018, V-235019, V-235020, V-235021, V-235022, V-235023, V-235024, V-235025, V-235026, V-235028, V-235029, V-235030, V-251724, V-255920, V-256983, and V-274879

**Ubuntu 18.04 STIG Version 2 Release 15**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-219149, V-219155, V-219156, V-219160, V-219166, V-219168, V-219176, V-219181, V-219184, V-219186, V-219188, V-219189, V-219190, V-219191, V-219192, V-219193, V-219194, V-219195, V-219196, V-219197, V-219198, V-219199, V-219200, V-219201, V-219202, V-219203, V-219204, V-219205, V-219206, V-219207, V-219208, V-219209, V-219213, V-219214, V-219215, V-219216, V-219217, V-219218, V-219219, V-219220, V-219221, V-219222, V-219223, V-219224, V-219225, V-219226, V-219227, V-219228, V-219229, V-219230, V-219231, V-219232, V-219233, V-219234, V-219235, V-219236, V-219238, V-219239, V-219240, V-219241, V-219242, V-219243, V-219244, V-219250, V-219254, V-219257, V-219263, V-219264, V-219265, V-219266, V-219267, V-219268, V-219269, V-219270, V-219271, V-219272, V-219273, V-219274, V-219275, V-219276, V-219277, V-219279, V-219281, V-219287, V-219291, V-219296, V-219297, V-219298, V-219299, V-219300, V-219303, V-219304, V-219306, V-219309, V-219310, V-219311, V-219315, V-219318, V-219319, V-219323, V-219326, V-219328, V-219330, V-219331, V-219335, V-219336, V-219337, V-219338, V-219339, V-219342, V-219344, V-233779, V-233780, and V-255906

**Ubuntu 20.04 STIG Version 2 Release 4**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-238200, V-238205, V-238207, V-238209, V-238210, V-238211, V-238212, V-238213, V-238220, V-238225, V-238227, V-238228, V-238229, V-238230, V-238231, V-238232, V-238236, V-238238, V-238239, V-238240, V-238241, V-238242, V-238244, V-238245, V-238246, V-238247, V-238248, V-238249, V-238250, V-238251, V-238252, V-238253, V-238254, V-238255, V-238256, V-238257, V-238258, V-238264, V-238268, V-238271, V-238277, V-238278, V-238279, V-238280, V-238281, V-238282, V-238283, V-238284, V-238285, V-238286, V-238287, V-238288, V-238289, V-238290, V-238291, V-238292, V-238293, V-238294, V-238295, V-238297, V-238298, V-238299, V-238300, V-238301, V-238302, V-238303, V-238304, V-238309, V-238310, V-238315, V-238316, V-238317, V-238318, V-238319, V-238320, V-238324, V-238325, V-238329, V-238330, V-238333, V-238334, V-238337, V-238338, V-238339, V-238340, V-238341, V-238342, V-238343, V-238344, V-238345, V-238346, V-238347, V-238348, V-238349, V-238350, V-238351, V-238352, V-238353, V-238355, V-238356, V-238359, V-238360, V-238369, V-238370, V-238371, V-238376, V-238377, V-238378, V-251505, V-255912, V-274852, and V-274853

**Ubuntu 22.04 STIG Version 2 Release 7**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-260471, V-260473, V-260474, V-260475, V-260475, V-260477, V-260478, V-260485, V-260486, V-260487, V-260488, V-260489, V-260490, V-260491, V-260492, V-260493, V-260494, V-260495, V-260496, V-260497, V-260498, V-260499, V-260500, V-260505, V-260506, V-260507, V-260508, V-260509, V-260510, V-260511, V-260512, V-260513, V-260514, V-260522, V-260527, V-260528, V-260530, V-260533, V-260534, V-260535, V-260537, V-260538, V-260540, V-260542, V-260543, V-260545, V-260546, V-260547, V-260553, V-260554, V-260555, V-260556, V-260557, V-260560, V-260561, V-260562, V-260563, V-260564, V-260565, V-260566, V-260567, V-260569, V-260572, V-260573, V-260574, V-260575, V-260576, V-260582, V-260584, V-260585, V-260586, V-260588, V-260589, V-260590, V-260591, V-260594, V-260597, V-260598, V-260599, V-260600, V-260601, V-260602, V-260603, V-260604, V-260605, V-260606, V-260607, V-260608, V-260609, V-260610, V-260611, V-260612, V-260613, V-260614, V-260615, V-260616, V-260617, V-260618, V-260619, V-260620, V-260621, V-260622, V-260623, V-260624, V-260625, V-260626, V-260627, V-260628, V-260629, V-260630, V-260631, V-260632, V-260633, V-260634, V-260635, V-260636, V-260637, V-260638, V-260639, V-260640, V-260641, V-260642, V-260643, V-260644, V-260645, V-260646, V-260647, V-260648, V-260649, V-274862, V-274864, and V-274866

**Ubuntu 24.04 STIG Version 1 Release 4**

Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:

V-270649, V-270651, V-270652, V-270653, V-270654, V-270656, V-270657, V-270659, V-270660, V-270661, V-270662, V-270663, V-270669, V-270672, V-270673, V-270674, V-270676, V-270678, V-270679, V-270680, V-270681, V-270683, V-270684, V-270685, V-270686, V-270687, V-270688, V-270689, V-270692, V-270693, V-270696, V-270697, V-270698, V-270699, V-270700, V-270701, V-270702, V-270703, V-270704, V-270705, V-270709, V-270715, V-270716, V-270718, V-270720, V-270721, V-270722, V-270723, V-270724, V-270725, V-270726, V-270727, V-270728, V-270729, V-270730, V-270731, V-270732, V-270733, V-270737, V-270739, V-270740, V-270741, V-270742, V-270743, V-270746, V-270750, V-270753, V-270755, V-270756, V-270757, V-270758, V-270759, V-270760, V-270765, V-270766, V-270767, V-270768, V-270769, V-270770, V-270771, V-270772, V-270773, V-270775, V-270776, V-270777, V-270778, V-270779, V-270780, V-270781, V-270782, V-270783, V-270784, V-270785, V-270786, V-270787, V-270788, V-270789, V-270790, V-270791, V-270792, V-270793, V-270794, V-270795, V-270796, V-270797, V-270798, V-270799, V-270800, V-270801, V-270802, V-270803, V-270804, V-270805, V-270806, V-270807, V-270808, V-270809, V-270810, V-270811, V-270812, V-270813, V-270814, V-270815, V-270821, V-270822, V-270823, V-270824, V-270825, V-270826, V-270827, V-270828, V-270829, V-270830, V-270831, V-270832, V-274870, V-274871, V-274872, and V-274873

### Linux STIG High (Category I)
<a name="ib-linux-stig-high"></a>

The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.

For a complete list, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Linux STIG High hardening components include all listed STIG settings that AWSTOE applies for Linux STIG Low and Linux STIG Medium hardening components, in addition to the listed STIG settings that apply specifically for Category I vulnerabilities.

**RHEL 7 STIG Version 3 Release 15**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
+ 

**RHEL 7/CentOS 7/AL2**  
V-204424, V-204425, V-204442, V-204443, V-204447, V-204448, V-204455, V-204462, V-204497, V-204497, V-204502, V-204594, V-204620, and V-204621

**RHEL 8 STIG Version 2 Release 6**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
+ 

**RHEL 8/CentOS 8**  
V-230223, V-230264, V-230283, V-230284, V-230487, V-230492, V-230533, V-230558, V-244540, V-279933, V-230265, V-230226, V-230530, V-268322, V-230529, and V-230531

**RHEL 9 STIG Version 2 Release 7**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
+ 

**RHEL 9/CentOS Stream 9**  
V-257820, V-257821, V-257826, V-257835, V-257955, V-257956, V-258059, V-258230, V-258238, V-257984, V-257986, V-258078, V-258094, V-258235, V-257784, and V-257785

**Amazon Linux 2023 STIG Version 1 Release 2**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

V-273996, V-273997, V-273999, V-274007, V-274038, V-274039, V-274046, V-274052, V-274057, and V-274153

**SLES 12 STIG Version 3 Release 4**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

 V-217101, V-217139, V-217141, V-217142, V-217159, V-217160, V-217164, V-217264, V-217268, V-222386, and V-251721

**SLES 15 STIG Version 2 Release 6**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

V-234800, V-234804, V-234818, V-234852, V-234859, V-234860, V-234898, V-234984, V-234985, V-234988, V-234989, V-234990, V-235031, V-235032, and V-251725

**Ubuntu 18.04 STIG Version 2 Release 15**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

V-219157, V-219158, V-219177, V-219212, V-219308, V-219314, V-219316, and V-251507

**Ubuntu 20.04 STIG Version 2 Release 4**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

V-238201, V-238218, V-238219, V-238326, V-238327, V-238380, and V-251504

**Ubuntu 22.04 STIG Version 2 Release 7**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

V-260469, V-260482, V-260483, V-260523, V-260524, V-260526, V-260529, V-260539, V-260570, V-260571, V-260579, and V-279937

**Ubuntu 24.04 STIG Version 1 Release 4**

Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:

V-270647, V-270648, V-270665, V-270666, V-270708, V-270711, V-270712, V-270713, V-270714, V-270717, V-270736, V-270738, and V-279938

## STIG version history log for Linux
<a name="ib-linux-version-hist"></a>

This section logs Linux component version history. To see the changes and published versions for a quarter, choose the title to expand the information.

### 2026 Q1 changes - 3/10/2026:
<a name="2026-q1-linux"></a>

Updated the following STIG versions, applied STIGs for the 2026 first quarter release for all compliance levels:

**STIG-Build-Linux**
+ RHEL 8 STIG Version 2 Release 6
+ RHEL 9 STIG Version 2 Release 7
+ Amazon Linux 2023 STIG Version 1 Release 2
+ SLES 12 STIG Version 3 Release 4
+ SLES 15 STIG Version 2 Release 6
+ Ubuntu 20.04 STIG Version 2 Release 4
+ Ubuntu 22.04 STIG Version 2 Release 7
+ Ubuntu 24.04 STIG Version 1 Release 4

### 2025 Q3 changes - 09/04/2025:
<a name="2025-q3-linux"></a>

Added support for the SUSE Linux Enterprise Server (SLES) operating system and Amazon Linux 2023. Updated the following STIG versions and applied STIGS for the 2025 third quarter release for all compliance levels (low/medium/high):
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 4
+ RHEL 9 STIG Version 2 Release 5
+ Amazon Linux 2023 STIG Version 1 Release 1
+ SLES 12 STIG Version 3 Release 3
+ SLES 15 STIG Version 2 Release 5
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 3
+ Ubuntu 22.04 STIG Version 2 Release 5
+ Ubuntu 24.04 STIG Version 1 Release 2

### 2025 Q2 changes - 06/26/2025:
<a name="2025-q2-linux"></a>

Updated the following STIG versions, applied STIGS for the 2025 second quarter release:

**STIG-Build-Linux-Low version 2025.2.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 3
+ RHEL 9 STIG Version 2 Release 4
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 4
+ Ubuntu 24.04 STIG Version 1 Release 1

**STIG-Build-Linux-Medium version 2025.2.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 3
+ RHEL 9 STIG Version 2 Release 4
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 4
+ Ubuntu 24.04 STIG Version 1 Release 1

**STIG-Build-Linux-High version 2025.2.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 3
+ RHEL 9 STIG Version 2 Release 4
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 4
+ Ubuntu 24.04 STIG Version 1 Release 1

### 2025 Q1 changes - 04/11/2025:
<a name="2025-q1-linux"></a>

Updated the following STIG versions, applied STIGS for the 2025 first quarter release, and added support for Ubuntu 24.04:

**STIG-Build-Linux-Low version 2025.1.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 2
+ RHEL 9 STIG Version 2 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 3
+ Ubuntu 24.04 STIG Version 1 Release 1

**STIG-Build-Linux-Medium version 2025.1.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 2
+ RHEL 9 STIG Version 2 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 3
+ Ubuntu 24.04 STIG Version 1 Release 1

**STIG-Build-Linux-High version 2025.1.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 2
+ RHEL 9 STIG Version 2 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 3
+ Ubuntu 24.04 STIG Version 1 Release 1

### 2024 Q4 changes - 12/10/2024:
<a name="2024-q4-linux"></a>

Updated the following STIG versions, applied STIGS for the 2024 fourth quarter release, and added information about two new input parameters for the Linux components:

**STIG-Build-Linux-Low version 2024.4.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 1
+ RHEL 9 STIG Version 2 Release 2
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 1
+ Ubuntu 22.04 STIG Version 2 Release 2

**STIG-Build-Linux-Medium version 2024.4.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 1
+ RHEL 9 STIG Version 2 Release 2
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 1
+ Ubuntu 22.04 STIG Version 2 Release 2

**STIG-Build-Linux-High version 2024.4.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 1
+ RHEL 9 STIG Version 2 Release 2
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 1
+ Ubuntu 22.04 STIG Version 2 Release 2

### 2024 Q3 changes - 10/04/2024 (no changes):
<a name="2024-q3-linux"></a>

There were no changes for Linux component STIGS for the 2024 third quarter release.

### 2024 Q2 changes - 05/10/2024:
<a name="2024-q2-linux"></a>

Updated STIG versions and applied STIGS for the 2024 second quarter release. Also added support for RHEL 9, CentOS Stream 9, and Ubuntu 22.04, as follows:

**STIG-Build-Linux-Low version 2024.2.x**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 14
+ RHEL 9 STIG Version 1 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 14
+ Ubuntu 20.04 STIG Version 1 Release 12
+ Ubuntu 22.04 STIG Version 1 Release 1

**STIG-Build-Linux-Medium version 2024.2.x**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 14
+ RHEL 9 STIG Version 1 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 14
+ Ubuntu 20.04 STIG Version 1 Release 12
+ Ubuntu 22.04 STIG Version 1 Release 1

**STIG-Build-Linux-High version 2024.2.x**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 14
+ RHEL 9 STIG Version 1 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 14
+ Ubuntu 20.04 STIG Version 1 Release 12
+ Ubuntu 22.04 STIG Version 1 Release 1

### 2024 Q1 changes - 02/06/2024:
<a name="2024-q1-linux"></a>

Updated STIG versions and applied STIGS for the 2024 first quarter release as follows:

**STIG-Build-Linux-Low version 2024.1.x**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 13
+ Ubuntu 18.04 STIG Version 2 Release 13
+ Ubuntu 20.04 STIG Version 1 Release 11

**STIG-Build-Linux-Medium version 2024.1.x**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 13
+ Ubuntu 18.04 STIG Version 2 Release 13
+ Ubuntu 20.04 STIG Version 1 Release 11

**STIG-Build-Linux-High version 2024.1.x**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 13
+ Ubuntu 18.04 STIG Version 2 Release 13
+ Ubuntu 20.04 STIG Version 1 Release 11

### 2023 Q4 changes - 12/07/2023:
<a name="2023-q4-linux"></a>

Updated STIG versions and applied STIGS for the 2023 fourth quarter release as follows:

**STIG-Build-Linux-Low version 2023.4.x**
+ RHEL 7 STIG Version 3 Release 13
+ RHEL 8 STIG Version 1 Release 12
+ Ubuntu 18.04 STIG Version 2 Release 12
+ Ubuntu 20.04 STIG Version 1 Release 10

**STIG-Build-Linux-Medium version 2023.4.x**
+ RHEL 7 STIG Version 3 Release 13
+ RHEL 8 STIG Version 1 Release 12
+ Ubuntu 18.04 STIG Version 2 Release 12
+ Ubuntu 20.04 STIG Version 1 Release 10

**STIG-Build-Linux-High version 2023.4.x**
+ RHEL 7 STIG Version 3 Release 13
+ RHEL 8 STIG Version 1 Release 12
+ Ubuntu 18.04 STIG Version 2 Release 12
+ Ubuntu 20.04 STIG Version 1 Release 10

### 2023 Q3 changes - 10/04/2023:
<a name="2023-q3-linux"></a>

Updated STIG versions and applied STIGS for the 2023 third quarter release as follows:

**STIG-Build-Linux-Low version 2023.3.x**
+ RHEL 7 STIG Version 3 Release 12
+ RHEL 8 STIG Version 1 Release 11
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 9

**STIG-Build-Linux-Medium version 2023.3.x**
+ RHEL 7 STIG Version 3 Release 12
+ RHEL 8 STIG Version 1 Release 11
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 9

**STIG-Build-Linux-High version 2023.3.x**
+ RHEL 7 STIG Version 3 Release 12
+ RHEL 8 STIG Version 1 Release 11
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 9

### 2023 Q2 changes - 05/03/2023:
<a name="2023-q2-linux"></a>

Updated STIG versions and applied STIGS for the 2023 second quarter release as follows:

**STIG-Build-Linux-Low version 2023.2.x**
+ RHEL 7 STIG Version 3 Release 11
+ RHEL 8 STIG Version 1 Release 10
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 8

**STIG-Build-Linux-Medium version 2023.2.x**
+ RHEL 7 STIG Version 3 Release 11
+ RHEL 8 STIG Version 1 Release 10
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 8

**STIG-Build-Linux-High version 2023.2.x**
+ RHEL 7 STIG Version 3 Release 11
+ RHEL 8 STIG Version 1 Release 10
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 8

### 2023 Q1 changes - 03/27/2023:
<a name="2023-q1-linux"></a>

Updated STIG versions and applied STIGS for the 2023 first quarter release as follows:

**STIG-Build-Linux-Low version 2023.1.x**
+ RHEL 7 STIG Version 3 Release 10
+ RHEL 8 STIG Version 1 Release 9
+ Ubuntu 18.04 STIG Version 2 Release 10
+ Ubuntu 20.04 STIG Version 1 Release 7

**STIG-Build-Linux-Medium version 2023.1.x**
+ RHEL 7 STIG Version 3 Release 10
+ RHEL 8 STIG Version 1 Release 9
+ Ubuntu 18.04 STIG Version 2 Release 10
+ Ubuntu 20.04 STIG Version 1 Release 7

**STIG-Build-Linux-High version 2023.1.x**
+ RHEL 7 STIG Version 3 Release 10
+ RHEL 8 STIG Version 1 Release 9
+ Ubuntu 18.04 STIG Version 2 Release 10
+ Ubuntu 20.04 STIG Version 1 Release 7

### 2022 Q4 changes - 02/01/2023:
<a name="2022-q4-linux"></a>

Updated STIG versions and applied STIGS for the 2022 fourth quarter release as follows:

**STIG-Build-Linux-Low version 2022.4.x**
+ RHEL 7 STIG Version 3 Release 9
+ RHEL 8 STIG Version 1 Release 8
+ Ubuntu 18.04 STIG Version 2 Release 9
+ Ubuntu 20.04 STIG Version 1 Release 6

**STIG-Build-Linux-Medium version 2022.4.x**
+ RHEL 7 STIG Version 3 Release 9
+ RHEL 8 STIG Version 1 Release 8
+ Ubuntu 18.04 STIG Version 2 Release 9
+ Ubuntu 20.04 STIG Version 1 Release 6

**STIG-Build-Linux-High version 2022.4.x**
+ RHEL 7 STIG Version 3 Release 9
+ RHEL 8 STIG Version 1 Release 8
+ Ubuntu 18.04 STIG Version 2 Release 9
+ Ubuntu 20.04 STIG Version 1 Release 6

### 2022 Q3 changes - 09/30/2022 (no changes):
<a name="2022-q3-linux"></a>

There were no changes for Linux component STIGS for the 2022 third quarter release.

### 2022 Q2 changes - 08/02/2022:
<a name="2022-q2-linux"></a>

Introduced Ubuntu support, updated STIG versions and applied STIGS for the 2022 second quarter release as follows:

**STIG-Build-Linux-Low version 2022.2.x**
+ RHEL 7 STIG Version 3 Release 7
+ RHEL 8 STIG Version 1 Release 6
+ Ubuntu 18.04 STIG Version 2 Release 6 (new)
+ Ubuntu 20.04 STIG Version 1 Release 4 (new)

**STIG-Build-Linux-Medium version 2022.2.x**
+ RHEL 7 STIG Version 3 Release 7
+ RHEL 8 STIG Version 1 Release 6
+ Ubuntu 18.04 STIG Version 2 Release 6 (new)
+ Ubuntu 20.04 STIG Version 1 Release 4 (new)

**STIG-Build-Linux-High version 2022.2.x**
+ RHEL 7 STIG Version 3 Release 7
+ RHEL 8 STIG Version 1 Release 6
+ Ubuntu 18.04 STIG Version 2 Release 6 (new)
+ Ubuntu 20.04 STIG Version 1 Release 4 (new)

### 2022 Q1 changes - 04/26/2022:
<a name="2022-q1-linux"></a>

Refactored to include better support for containers. Combined the previous AL2 script with RHEL 7. Updated STIG versions and applied STIGS for the 2022 first quarter release as follows:

**STIG-Build-Linux-Low version 3.6.x**
+ RHEL 7 STIG Version 3 Release 6
+ RHEL 8 STIG Version 1 Release 5

**STIG-Build-Linux-Medium version 3.6.x**
+ RHEL 7 STIG Version 3 Release 6
+ RHEL 8 STIG Version 1 Release 5

**STIG-Build-Linux-High version 3.6.x**
+ RHEL 7 STIG Version 3 Release 6
+ RHEL 8 STIG Version 1 Release 5

### 2021 Q4 changes - 12/20/2021:
<a name="2021-q4-linux"></a>

Updated STIG versions, and applied STIGS for the 2021 fourth quarter release as follows:

**STIG-Build-Linux-Low version 3.5.x**
+ RHEL 7 STIG Version 3 Release 5
+ RHEL 8 STIG Version 1 Release 4

**STIG-Build-Linux-Medium version 3.5.x**
+ RHEL 7 STIG Version 3 Release 5
+ RHEL 8 STIG Version 1 Release 4

**STIG-Build-Linux-High version 3.5.x**
+ RHEL 7 STIG Version 3 Release 5
+ RHEL 8 STIG Version 1 Release 4

### 2021 Q3 changes - 09/30/2021:
<a name="2021-q3-linux"></a>

Updated STIG versions, and applied STIGS for the 2021 third quarter release as follows:

**STIG-Build-Linux-Low version 3.4.x**
+ RHEL 7 STIG Version 3 Release 4
+ RHEL 8 STIG Version 1 Release 3

**STIG-Build-Linux-Medium version 3.4.x**
+ RHEL 7 STIG Version 3 Release 4
+ RHEL 8 STIG Version 1 Release 3

**STIG-Build-Linux-High version 3.4.x**
+ RHEL 7 STIG Version 3 Release 4
+ RHEL 8 STIG Version 1 Release 3

## SCAP compliance validator component
<a name="scap-compliance"></a>

The Security Content Automation Protocol (SCAP) is a set of standards that IT professionals can use to identify application security vulnerabilities for compliance. The SCAP Compliance Checker (SCC) is a SCAP-validated scanning tool, released by the Naval Information Warfare Center (NIWC) Atlantic. For more information, see [Security Content Automation Protocol (SCAP) Compliance Checker (SCC)](https://www.niwcatlantic.navy.mil/Technology/SCAP/) on the *NIWC Atlantic* website.

The AWSTOE `scap-compliance-checker-windows` and `scap-compliance-checker-linux` components download and install the SCC scanner on the pipeline build and test instances. When the scanner runs, it performs authenticated configuration scans using DISA SCAP Benchmarks, and provides a report that includes the following information. AWSTOE also writes the information to your application logs.
+ STIG settings that are applied to the instance.
+ An overall compliance score for the instance.

We recommend that you run SCAP validation as the final step in your build process, to ensure that you report accurate compliance validation results.

**Note**  
You can review the reports with one of the [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/). These tools are available online via the DoD Cyber Exchange.

The following sections describe the benchmarks that the SCAP validation components include.

### scap-compliance-checker-windows version 2024.03.0
<a name="scap-component-windows"></a>

The `scap-compliance-checker-windows` component runs on the EC2 instances that Image Builder creates to build and test the image. AWSTOE logs both the report and the score that the SCC application produces.

The component performs the following workflow steps: 

1. Downloads and installs the SCC application.

1. Imports the compliance benchmarks.

1. Runs validation using the SCC application.

1. Saves the compliance report and score locally on the build instance desktop.

1. Logs the compliance score from the local report to the AWSTOE application log files.

**Note**  
AWSTOE currently supports SCAP compliance validation for Windows Server 2012 R2 MS, 2016, 2019, and 2022.

The SCAP compliance checker component for Windows includes the following benchmarks:

**SCC Version: 5.10**  
2023 Q4 Benchmarks:
+ U\$1MS\$1Defender\$1Antivirus\$1V2R5\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1DotNet\$1Framework\$14-0\$1V2R2\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1IE11\$1V2R6\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$12012\$1and\$12012\$1R2\$1DC\$1V3R5\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$12012\$1and\$12012\$1R2\$1MS\$1V3R5\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Defender\$1Firewall\$1V2R3\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Server\$12016\$1V2R7\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Server\$12019\$1V3R2\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Server\$12022\$1V2R2\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1CAN\$1Ubuntu\$120-04\$1LTS\$1V1R10\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1RHEL\$17\$1V3R15\$1STIG\$1SCAP\$11-3\$1Benchmark
+ U\$1RHEL\$18\$1V1R13\$1STIG\$1SCAP\$11-3\$1Benchmark
+ U\$1RHEL\$19\$1V2R1\$1STIG\$1SCAP\$11-3\$1Benchmark

### scap-compliance-checker-linux version 2021.04.0
<a name="scap-component-linux"></a>

The `scap-compliance-checker-linux` component runs on the EC2 instances that Image Builder creates to build and test the image. AWSTOE logs both the report and the score that the SCC application produces.

The component performs the following workflow steps:

1. Downloads and installs the SCC application.

1. Imports the compliance benchmarks.

1. Runs validation using the SCC application.

1. Saves the compliance report and score locally, in the following location on the build instance: `/opt/scc/SCCResults`.

1. Logs the compliance score from the local report to the AWSTOE application log files.

**Note**  
AWSTOE currently supports SCAP compliance validation for RHEL 7/8 and Ubuntu 18.04/20.04. The SCC application currently supports the x86 architecture for validation.

The SCAP compliance checker component for Linux includes the following benchmarks:

**SCC Version: 5.10**  
2023 Q4 Benchmarks:
+ U\$1CAN\$1Ubuntu\$120-04\$1LTS\$1V1R10\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1RHEL\$17\$1V3R15\$1STIG\$1SCAP\$11-3\$1Benchmark
+ U\$1RHEL\$18\$1V1R13\$1STIG\$1SCAP\$11-3\$1Benchmark
+ U\$1RHEL\$19\$1V2R1\$1STIG\$1SCAP\$11-3\$1Benchmark
+ U\$1MS\$1Defender\$1Antivirus\$1V2R5\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1DotNet\$1Framework\$14-0\$1V2R2\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1IE11\$1V2R6\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$12012\$1and\$12012\$1R2\$1DC\$1V3R5\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$12012\$1and\$12012\$1R2\$1MS\$1V3R5\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Defender\$1Firewall\$1V2R3\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Server\$12016\$1V2R7\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Server\$12019\$1V3R2\$1STIG\$1SCAP\$11-2\$1Benchmark
+ U\$1MS\$1Windows\$1Server\$12022\$1V2R2\$1STIG\$1SCAP\$11-2\$1Benchmark

### SCAP version history
<a name="ib-scap-version-hist"></a>

The following table describes important changes to the SCAP environment and settings described in this document.


| Change | Description | Date | 
| --- | --- | --- | 
|  2025 Q1 SCAP Updates  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/imagebuilder/latest/userguide/ib-stig.html)  | April 11, 2025 | 
|  2023 Q4 SCAP Updates  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/imagebuilder/latest/userguide/ib-stig.html)  | December 20, 2021 | 
|  2023 Q3 SCAP Updates  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/imagebuilder/latest/userguide/ib-stig.html)  | November 13, 2023 | 
|  Added SCAP components  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/imagebuilder/latest/userguide/ib-stig.html)  | December 20, 2021 |