Skip to main content
← All benchmarks
CIS RHEL 9 Benchmark

CIS RHEL 9 Benchmark, continuously evidenced.

The CIS Red Hat Enterprise Linux 9 Benchmark defines 296 security controls covering filesystem hardening, services minimization, network configuration, logging and auditing, access control, SSH hardening, SELinux, and DNF package management. CISGuard's agent-based scanning evaluates every control with per-host evidence and historical posture trending.

EndpointAgentAll tier
Quick Facts

Red Hat Enterprise Linux 9 benchmark at a glance.

Benchmark version
v2.0.0
Total controls
296
Scan type
Agent
Available tier
All plans
Category
Endpoint
Drift detection
Yes, between every scheduled scan
Coverage

What this benchmark actually covers.

  • Filesystem mount options + permissions
  • DNF + repository configuration
  • Network parameters + nftables
  • Logging + auditd + rsyslog
  • SSH + PAM hardening
  • SELinux enforcement
  • Cron + at access control
  • Updates + patching configuration
Frequently Asked

Red Hat Enterprise Linux 9 questions, answered directly.

Does CISGuard support RHEL 8 and earlier?

Yes. CISGuard supports RHEL 9, 8, and 7 with the corresponding CIS benchmarks. CentOS, Rocky Linux, AlmaLinux, and Oracle Linux are detected as RHEL-derivatives and scan against the matching RHEL benchmark version.

How does CISGuard handle SELinux state?

CIS RHEL 9 Benchmark requires SELinux in Enforcing mode by default. CISGuard reports the current SELinux state per host. Permissive or Disabled states are flagged as control failures, and the exception management workflow documents any approved deviations with compensating controls.

Can CISGuard scan RHEL containers and immutable images?

Yes. CISGuard supports RHEL container images and immutable RHEL CoreOS deployments. For ephemeral container infrastructure, CIS posture evaluation runs at image-build time as part of CI/CD; for long-running RHEL hosts, the scanning agent runs as a systemd service.

Related Benchmarks

Often deployed together with Red Hat Enterprise Linux 9.

Endpoint

Ubuntu 24.04 LTS

311 controls · v1.0.0

Read more →
Container & Orchestration

Docker

118 controls · v1.8.0

Read more →
Container & Orchestration

Red Hat OpenShift

111 controls · v1.9.0

Read more →

Want a Red Hat Enterprise Linux 9 scan of your environment?

Our compliance engineers will scope your environment and quote within one business day of an initial briefing.

Request Executive Briefingsales@cisguard.ae →