Included Compliance Profiles
The following profiles are provided with Sicura Enterprise. Use these profile names in the SIMP Compliance Engine configuration to report on and enforce these industry standard benchmarks.
RHEL / CentOS / Oracle Linux 7 and 8
Center for Internet Security (CIS) - Linux
Control coverage details are documented here.
Compliance module usage details are documented here.
- cis:level:1:server
- cis:level:2:server
Additionally, based on Controls mappings provided by CIS, we provide the following profiles.
US Department of Defense Cybersecurity Maturity Model Certification (CMMC)
- cmmc:level:1
- cmmc:level:2
- cmmc:level:3
- cmmc:level:4
- cmmc:level:5
Control coverage details are documented here.
Compliance module usage details are documented here.
- disa:mac-1:classified
- disa:mac-1:public
- disa:mac-1:sensitive
- disa:mac-2:classified
- disa:mac-2:public
- disa:mac-2:sensitive
- disa:mac-3:classified
- disa:mac-3:public
- disa:mac-3:sensitive
SCAP Security Guide (SSG)
Compliance module usage details are documented here
- Oracle Linux 7
- ssg:content:cui
- ssg:content:hipaa
- ssg:content:stig
- ssg:content:pci-dss
- Oracle Linux 8
- ssg:content:cui
- ssg:content:hipaa
- ssg:content:stig
- ssg:content:pci-dss
- CentOS 7
- CentOS 8
- ssg:content:cis
- ssg:content:cui
- ssg:content:hipaa
- ssg:content:stig
- ssg:content:pci-dss
- Red Hat Enterprise Linux 7
- ssg:content:cis
- ssg:content:cui
- ssg:content:hipaa
- ssg:content:stig
- ssg:content:pci-dss
- Red Hat Enterprise Linux 8
- ssg:content:cis
- ssg:content:cui
- ssg:content:hipaa
- ssg:content:stig
- ssg:content:pci-dss
Windows Server 2012 / 2012 R2 / 2016 / 2019 / 2022
Center for Internet Security (CIS) - Windows
Control coverage details are documented here.
Compliance module usage details are documented here.
- cis:level:1:domain:controller
- cis:level:2:domain:controller
- cis:level:1:member:server
- cis:level:2:member:server
Please note the following profiles are only defined by CIS on Windows 2016 and 2019. They provide enforcement for boot and virtualization options that are not available in previous versions of Windows. If needed, these profiles should be specified in addition to Level 1 or Level 2 profiles.
- cis:next:generation:windows:security:domain:controller
- cis:next:generation:windows:security:member:server
Additionally, based on Controls mappings provided by CIS, the following profiles are provided.
US Department of Defense Cybersecurity Maturity Model Certification (CMMC)
- cmmc:level:1
- cmmc:level:2
- cmmc:level:3
- cmmc:level:4
- cmmc:level:5
Control coverage details are documented here.
- disa:mac-1:classified
- disa:mac-1:public
- disa:mac-1:sensitive
- disa:mac-2:classified
- disa:mac-2:public
- disa:mac-2:sensitive
- disa:mac-3:classified
- disa:mac-3:public
- disa:mac-3:sensitive
Additionally, based on Controls mappings provided by NIST, the following profiles are provided for Windows 2012r2, 2016, and 2019.
NIST SP 800-171
HIPAA