NISP Linux Engineering Services

WP ID

Work Package Title

WP1

Port latest released NISP (Oracle Linux) to latest released Oracle Linux 9

NISP_OL is comprised of software and documentation, which allow the end user to install a secured Oracle Linux 8 onto bare metal, or update an existing installation. Several machine profiles are supported, such as AD member server, standalone server

ID

Deliverable(s) Description

D1

Bootable ISO image (compatible with boot from USB keys and BluRay) which allows to install NISP_OL with Oracle Linux 9 following the same or very similar procedures as NISP_OL with Oracle Linux 8.

D2

Automatic build procedure to build the bootable ISO image from D1

D3

Standalone server fresh installation and configuration as Active Directory Member Server

D4

Updated documentation and procedures for NISP_OL with Oracle Linux 9 in the

following documents:

Software Installation Plan

System Administration Manual

D5

Updated information on supported hardware and virtualization environments in

the Hardware Guide

ID

Constraint(s) Description

C1

Secure Boot shall be supported for installation from media and network.

C2

Provided procedures must provide the service in an offline environment (no Internet connectivity).

C3

Documentation source is in DocBook, however oXygen is available for near WYSIWYG editing

C4

Revision control used in NISP project is git with gitlab. All source is to be revision controlled

ID

Acceptance Criteria

A1

Deliverables shall pass the full NISP Regression Test Suite, any test case redlines

must be approved by test director and leading engineer.

A2

Any provided code or code changes must pass SonarQube quality evaluation

(same settings as rest of NISP project).

Additional Notes

Note 1: The automatic build of the NISP_OL installation ISO and all associated procedures are available and tested for Oracle Linux 8. The contractor’ personnels may build upon those procedures and code.

Note 2: We expect familiarity with revision control in general and git in particular.

Note 3: We expect the contractor’s personnels to be specialists with in-depth expertise in the area related to this work-package; we further expect the contractor’s personnel to be able to provide the service unsupervised.

Note 4: NISP Team will provide support and information related to local specificities, such as the NISP build environment, access to required files and folders, access to test machines, access to offices and work-environment; NISP Team can further provide details on “what” to implement related to this service package; however, NISP Team cannot provide technical expertise related to the “how” of implementing this work package.

Note 5: Deliverables can be grouped and each group accepted separately

WP ID

Work Package Title

WP2

Application of OpenScap Security Rules on NISP Oracle and Redhat Linux 9

NISP_OL is comprised of software and documentation, which allow the end user to install a secured Oracle Linux 8 onto bare metal, or update an existing installation. Several machine profiles are supported, such as AD member server, standalone server

ID

Deliverable(s) Description

D1

Successful application (remediation) of selected security rules NISP Oracle/RedHat Linux 9

D2

Successful auditing of selected of security rules to NISP Oracle/RedHat Linux 9.

D3

Documentation of changes to security rules required for successful remediation and rationale for change

D4

Documentation of changes to security rules required for successful auditing and rationale for change

D5

Adaptation of security rules to different machine profiles (standalone server, member serve).

ID

Constraint(s) Description

C1

Security Rules from Oracle Linux 8 DISA STIG or Oracle/RedHat Linux 9 SCAP Security Guide

C2

Provided procedures must provide the service in an offline environment (no Internet connectivity).

C3

Application and auditing of security rules using oscap commands.

C4

Revision control used in NISP project is git with gitlab.

C5

Changes to security rules shall be traced in revision control tool

ID

Acceptance Criteria

A1

Machine shall pass the full NISP Regression Test Suite after application of security settings, any test case redlines must be approved by test director and leading engineer

A2

Security settings shall be applied successfully according to documented procedure

A3

Any provided code or code changes must pass SonarQube quality evaluation (same settings as rest of NISP project).

Additional Notes

Note 1: The automatic build of the NISP_OL installation ISO and all associated procedures are available and tested for Oracle Linux 8. The contractor’s personnel may build upon those procedures and code.

Note 2: We expect familiarity with revision control in general and git in particular.

Note 3: We expect the contractor’s personnel to be specialists with in-depth expertise in the area related to this work-package; we further expect the contractor’s personnel to be able to provide the service unsupervised.

Note 4: NISP Team will provide support and information related to local specificities, such as the NISP build environment, access to required files and folders, access to test machines, access to offices and work-environment; NISP Team can further provide details on “what” to implement related to this service package; however, NISP Team cannot provide technical expertise related to the “how” of implementing this work package.

Note 5: Deliverables can be grouped