1. Introduction
2. Licensing
3. Installing Sicura Enterprise
4. Server install from RPM
5. Server install from ISO
6. Upgrade Sicura Enterprise
7. Server Installation via Control Repo
8. Enable SIMP Compliance Engine
9. Configure SIMP Compliance Engine
10. Included Compliance Profiles
11. Console install via Puppet
12. Agent Install via Puppet
13. Coverage - CIS, Windows
14. Coverage - CIS, Linux
15. Coverage - DISA, Windows
16. Coverage - DISA, Linux
17. Linux DISA Module Usage
18. Windows CIS module usage
19. Linux CIS Module Usage

Included Compliance Profiles

The following profiles are provided with Sicura Enterprise. Use these profile names in the SIMP Compliance Engine configuration to report on and enforce these industry standard benchmarks.

Linux Operating Systems and Profiles

Supported Linux Operating Systems

The following operating systems are supported:

• AlmaLinux 8
• AlmaLinux 9
• Oracle Linux 8
• Oracle Linux 9
• Red Hat Enterprise Linux 8
• Red Hat Enterprise Linux 9
• Rocky Linux 8
• Rocky Linux 9

Center for Internet Security (CIS) - Linux

Control coverage details are documented here. Compliance module usage details are documented here.

• cis:level:1:server
• cis:level:2:server
• cis:implementation:group:1:server
• cis:implementation:group:2:server
• cis:implementation:group:3:server

US Defense Information Systems Agency (DISA)

Control coverage details are documented here. Compliance module usage details are documented here.

• disa:mac-1:classified
• disa:mac-1:public
• disa:mac-1:sensitive
• disa:mac-2:classified
• disa:mac-2:public
• disa:mac-2:sensitive
• disa:mac-3:classified
• disa:mac-3:public
• disa:mac-3:sensitive

Windows Operating Systems and Profiles

Supported Windows Operating Systems

The following Windows operating systems are supported:

• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows 11

Center for Internet Security (CIS) - Windows

Control coverage details are documented here. Compliance module usage details are documented here.

• cis:level:1:domain:controller
• cis:level:2:domain:controller
• cis:level:1:member:server
• cis:level:2:member:server

Please note the following profiles are only defined by CIS on Windows 2016 and 2019. They provide enforcement for boot and virtualization options that are not available in previous versions of Windows. If needed, these profiles should be specified in addition to Level 1 or Level 2 profiles.

• cis:next:generation:windows:security:domain:controller
• cis:next:generation:windows:security:member:server

Please note the following profiles are only defined by CIS on Windows 11. The domain controller and member server profiles are not available for this operating system.

• cis:level:1:l1:corporateenterprise:environment:general:use
• cis:level:1:l1::bitlocker:bl
• cis:level:2:l2:high:securitysensitive:data:environment:limited:functionality
• cis:level:2:l2::bitlocker:bl

US Defense Information Systems Agency (DISA)

Control coverage details are documented here.

• disa:mac-1:classified
• disa:mac-1:public
• disa:mac-1:sensitive
• disa:mac-2:classified
• disa:mac-2:public
• disa:mac-2:sensitive
• disa:mac-3:classified
• disa:mac-3:public
• disa:mac-3:sensitive