So in the CentOS installer, I click "SECURITY POLICY" and scroll down to the bottom profile entitled, "DISA STIG for CentOS Linux 7".
Two questions...
We read, "This profile contains configuration checks that align to the DISA STIG for CentOS Linux V1R1". But where is this STIG? I don't see it at
https://iase.disa.mil/stigs/Pages/a-z.aspx .
If this CentOS STIG is gone now, then what has DISA said should be used to harden CentOS? I realize many people use RHEL STIGs instead, and I realize CentOS is a near-clone of RHEL, but I'm looking for a paper trail. I mean, in which document does DISA come out and officially recognize the effectiveness of RHEL STIGs upon CentOS?