GRC Store

Search / complytime/cis-fedora-l1-guidance / dev-20260527.1

Release · dev-20260527.1

complytime/cis-fedora-l1-guidance Guidance Catalog

complytime/cis-fedora-l1-guidance

Guidance catalog for the CIS Fedora Linux Level 1 Benchmark. Provides rationale and context for each control family covering filesystem hardening, service minimization, network security, firewall configuration, access controls, logging, and system maintenance. Shared across Server and Workstation profiles.

Published by ComplyTime

Install

OCI v1.1
$grcli unpack --repository complytime/cis-fedora-l1-guidance --tag dev-20260527.1
Coordinate
oci.grc.store/complytime/cis-fedora-l1-guidance:dev-20260527.1
Manifest digest
sha256:16ee4f6d51a2d9e6305e708203645bbfb89a96d2d94747228f85a77b0f5476ec

Provenance

1 layer
Digest Media type Size
c48d6deb8873… application/vnd.gemara.artifact.v1+yaml 11.3 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "1.1.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "cis-fedora-l1-guidance",
            "type": "GuidanceCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "complytime/cis-fedora-l1-guidance",
            "tag": "dev-20260527.1"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/complytime-policies",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26539707251",
          "GITHUB_SHA": "fb4320fc65d7d6d257901b0dc1fd6597855e057c",
          "GITHUB_WORKFLOW": "Publish to grc.store",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "governance/guidance/cis-fedora-l1-guidance.yaml",
            "uri": "file://governance/guidance/cis-fedora-l1-guidance.yaml",
            "digest": {
              "sha256": "c48d6deb88730ad9a2b9f2bab5a4c94b9bd25bc0673e546cc9cd930bf5416333"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/complytime-policies@fb4320fc65d7d6d257901b0dc1fd6597855e057c",
            "digest": {
              "gitCommit": "fb4320fc65d7d6d257901b0dc1fd6597855e057c"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/complytime-policies/actions/runs/26539707251",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.1.2"
          }
        },
        "metadata": {
          "invocationId": "26539707251-1",
          "startedOn": "2026-05-27T21:26:42.653830392Z",
          "finishedOn": "2026-05-27T21:26:43.456194338Z"
        },
        "byproducts": [
          {
            "name": "cis-fedora-l1-guidance.yaml",
            "digest": {
              "sha256": "c48d6deb88730ad9a2b9f2bab5a4c94b9bd25bc0673e546cc9cd930bf5416333"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "cis-fedora-l1-guidance.yaml",
      "type": "GuidanceCatalog",
      "id": "cis-fedora-l1-guidance",
      "role": "artifact"
    }
  ]
}

CIS Fedora Linux - Level 1 Guidance

Guidance catalog for the CIS Fedora Linux Level 1 Benchmark. Provides rationale and context for each control family covering filesystem hardening, service minimization, network security, firewall configuration, access controls, logging, and system maintenance. Shared across Server and Workstation profiles.

ID
cis-fedora-l1-guidance
Type
Standard
Version
dev-20260527.1
Gemara version
1.1.0
Author
ComplyTime

Initial Setup

Filesystem, software updates, SELinux, boot, kernel, crypto, and banner configuration

  1. guidance-initial-setup CIS Fedora Server L1 - Initial Setup

    Objective

    Ensure foundational system hardening is applied before the system enters production

Services

Network services, client packages, and time synchronization configuration

  1. guidance-services CIS Fedora Server L1 - Services

    Objective

    Minimize the system attack surface by disabling or removing unnecessary network services and client packages

Network Configuration

Kernel modules, IPv4, and IPv6 network stack configuration

  1. guidance-network CIS Fedora Server L1 - Network Configuration

    Objective

    Harden network stack configuration to prevent common network-based attacks

Host-Based Firewall

Firewall package installation and traffic filtering configuration

  1. guidance-firewall CIS Fedora Server L1 - Host-Based Firewall

    Objective

    Ensure a properly configured host-based firewall limits network exposure

Access, Authentication, and Authorization

SSH, sudo, PAM, password, user account, and shell configuration

  1. guidance-access-auth CIS Fedora Server L1 - Access, Authentication, and Authorization

    Objective

    Enforce strong access controls to prevent unauthorized access and privilege escalation

Logging and Auditing

System logging, journald, and file integrity monitoring configuration

  1. guidance-logging CIS Fedora Server L1 - Logging and Auditing

    Objective

    Ensure comprehensive logging for incident detection and forensic analysis

System Maintenance

File permissions, user/group integrity, and home directory configuration

  1. guidance-maintenance CIS Fedora Server L1 - System Maintenance

    Objective

    Maintain proper file permissions and account hygiene to prevent privilege escalation

Operations

Operational tasks required for configuration application

  1. guidance-operations CIS Fedora Server L1 - Operations

    Objective

    Ensure operational tasks are completed after configuration changes