Amazon Linux 2023 Department of War (Previously Department of Defense) STIG #13885

bordencastle · 2025-09-05T18:22:13Z

bordencastle
Sep 5, 2025

Share the context

DISA Released Version 1 Release 1 of the Amazon Linux 2023 DoD STIG yesterday 09/04/2025

Description of problem:

It would be good to integrate this into complianceascode content.

Proposed change:

Add Amazon Linux 2023 DISA STIG to complianceascode content.

References:

https://www.cyber.mil/stigs/downloads

bordencastle · 2025-09-05T20:06:44Z

bordencastle
Sep 5, 2025
Author

Comparison of Similarity in the Fix Text Field of the Checklists....

AL2023 ID	RHEL9 ID	Similarity
AZLX-23-001300	RHEL-09-611170	0.999596
AZLX-23-002440	RHEL-09-432035	0.998923
AZLX-23-002510	RHEL-09-412080	0.998269
AZLX-23-002430	RHEL-09-411050	0.998121
AZLX-23-002555	RHEL-09-211055	0.998079
AZLX-23-001020	RHEL-09-611085	0.997772
AZLX-23-001015	RHEL-09-432025	0.997673
AZLX-23-002040	RHEL-09-653040	0.997628
AZLX-23-001265	RHEL-09-672040	0.997478
AZLX-23-002265	RHEL-09-653080	0.99744
AZLX-23-002460	RHEL-09-411080	0.997304
AZLX-23-002410	RHEL-09-412065	0.997188
AZLX-23-002190	RHEL-09-232035	0.997163
AZLX-23-002395	RHEL-09-412040	0.997108
AZLX-23-002045	RHEL-09-653045	0.997064
AZLX-23-002396	RHEL-09-412035	0.997038
AZLX-23-002405	RHEL-09-412050	0.997022
AZLX-23-000220	RHEL-09-213080	0.996915
AZLX-23-002000	RHEL-09-211020	0.996877
AZLX-23-001255	RHEL-09-255050	0.996412
AZLX-23-002390	RHEL-09-611105	0.996244
AZLX-23-002520	RHEL-09-653120	0.996238
AZLX-23-002200	RHEL-09-232225	0.996173
AZLX-23-002480	RHEL-09-411045	0.995759
AZLX-23-002450	RHEL-09-431010	0.995733
AZLX-23-002470	RHEL-09-411090	0.995651
AZLX-23-002489	RHEL-09-611040	0.995643
AZLX-23-002600	RHEL-09-231040	0.995594
AZLX-23-002195	RHEL-09-232220	0.995583
AZLX-23-002290	RHEL-09-232020	0.995472
AZLX-23-000200	RHEL-09-213010	0.995375
AZLX-23-000205	RHEL-09-213015	0.995352
AZLX-23-002535	RHEL-09-213030	0.995059
AZLX-23-002540	RHEL-09-213035	0.995059
AZLX-23-002315	RHEL-09-232025	0.99413
AZLX-23-002435	RHEL-09-411040	0.99361
AZLX-23-001005	RHEL-09-611145	0.993487
AZLX-23-002350	RHEL-09-232195	0.993214
AZLX-23-001115	RHEL-09-611175	0.993185
AZLX-23-002455	RHEL-09-411075	0.992839
AZLX-23-001130	RHEL-09-215075	0.991992
AZLX-23-002345	RHEL-09-232190	0.991798
AZLX-23-002620	RHEL-09-611030	0.991594
AZLX-23-001070	RHEL-09-651025	0.989618
AZLX-23-001180	RHEL-09-255010	0.989339
AZLX-23-002005	RHEL-09-255025	0.98894
AZLX-23-001295	RHEL-09-631015	0.988786
AZLX-23-001095	RHEL-09-215095	0.988265
AZLX-23-001125	RHEL-09-611185	0.988265
AZLX-23-001110	RHEL-09-431025	0.988265
AZLX-23-000120	RHEL-09-214015	0.988262
AZLX-23-001035	RHEL-09-653130	0.987871
AZLX-23-001305	RHEL-09-631020	0.987544
AZLX-23-000115	RHEL-09-214020	0.984378
AZLX-23-002240	RHEL-09-653110	0.983933
AZLX-23-001225	RHEL-09-255090	0.97962
AZLX-23-001185	RHEL-09-255015	0.979225
AZLX-23-002570	RHEL-09-651015	0.979111
AZLX-23-001065	RHEL-09-651015	0.979111
AZLX-23-001050	RHEL-09-252010	0.976132
AZLX-23-000135	RHEL-09-211040	0.975174
AZLX-23-001235	RHEL-09-255040	0.974264
AZLX-23-001240	RHEL-09-255045	0.974105
AZLX-23-002565	RHEL-09-252020	0.972974
AZLX-23-002330	RHEL-09-232030	0.96947
AZLX-23-000215	RHEL-09-213075	0.969431
AZLX-23-001000	RHEL-09-432010	0.968209
AZLX-23-002050	RHEL-09-653050	0.966963
AZLX-23-002125	RHEL-09-654025	0.965485
AZLX-23-002130	RHEL-09-654070	0.965205
AZLX-23-002285	RHEL-09-232015	0.961484
AZLX-23-002445	RHEL-09-431015	0.959827
AZLX-23-001280	RHEL-09-671010	0.95911
AZLX-23-000310	RHEL-09-215025	0.959071
AZLX-23-001260	RHEL-09-672035	0.95813
AZLX-23-001060	RHEL-09-651010	0.957395
AZLX-23-001245	RHEL-09-255100	0.956781
AZLX-23-002280	RHEL-09-232215	0.95592
AZLX-23-002065	RHEL-09-652040	0.955743
AZLX-23-002275	RHEL-09-653090	0.954897
AZLX-23-001080	RHEL-09-251015	0.954808
AZLX-23-001010	RHEL-09-432015	0.954751
AZLX-23-002305	RHEL-09-232210	0.954705
AZLX-23-001220	RHEL-09-255140	0.953733
AZLX-23-002225	RHEL-09-653080	0.951951
AZLX-23-002300	RHEL-09-232205	0.950613
AZLX-23-002295	RHEL-09-232200	0.949083
AZLX-23-001195	RHEL-09-672010	0.948459
AZLX-23-000315	RHEL-09-215040	0.947496
AZLX-23-002235	RHEL-09-653090	0.946315
AZLX-23-001215	RHEL-09-255135	0.945668
AZLX-23-002580	RHEL-09-231105	0.940204
AZLX-23-002270	RHEL-09-653085	0.938413
AZLX-23-002055	RHEL-09-653070	0.937671
AZLX-23-002585	RHEL-09-231110	0.935211
AZLX-23-002590	RHEL-09-231120	0.933059
AZLX-23-000305	RHEL-09-215020	0.932394
AZLX-23-001315	RHEL-09-611190	0.930405
AZLX-23-002515	RHEL-09-212055	0.928578
AZLX-23-002110	RHEL-09-654010	0.925449
AZLX-23-002230	RHEL-09-653085	0.921782
AZLX-23-002150	RHEL-09-654065	0.918115
AZLX-23-002425	RHEL-09-411015	0.917402
AZLX-23-001105	RHEL-09-252065	0.914648
AZLX-23-002070	RHEL-09-652045	0.913767
AZLX-23-001275	RHEL-09-255065	0.907372
AZLX-23-002400	RHEL-09-611075	0.904758
AZLX-23-002120	RHEL-09-654020	0.898967
AZLX-23-001250	RHEL-09-255095	0.895645
AZLX-23-002485	RHEL-09-411030	0.887052
AZLX-23-000100	RHEL-09-231190	0.88609
AZLX-23-002185	RHEL-09-654200	0.88375
AZLX-23-001075	RHEL-09-251010	0.883185
AZLX-23-000320	RHEL-09-215045	0.882558
AZLX-23-001045	RHEL-09-652030	0.882448
AZLX-23-002115	RHEL-09-654015	0.882113
AZLX-23-002215	RHEL-09-653070	0.881502
AZLX-23-002105	RHEL-09-654235	0.88149
AZLX-23-002060	RHEL-09-652035	0.881241
AZLX-23-002335	RHEL-09-232185	0.878625
AZLX-23-002175	RHEL-09-654185	0.877607
AZLX-23-002145	RHEL-09-654105	0.873758
AZLX-23-002135	RHEL-09-654080	0.872869
AZLX-23-002595	RHEL-09-611180	0.872759
AZLX-23-002155	RHEL-09-654045	0.872686
AZLX-23-002340	RHEL-09-232180	0.872212
AZLX-23-001090	RHEL-09-251030	0.871564
AZLX-23-002165	RHEL-09-654255	0.871344
AZLX-23-002385	RHEL-09-611060	0.871215
AZLX-23-002100	RHEL-09-654230	0.869651
AZLX-23-002255	RHEL-09-654245	0.869651
AZLX-23-002180	RHEL-09-654195	0.862273
AZLX-23-002560	RHEL-09-252020	0.860831
AZLX-23-002380	RHEL-09-611100	0.859753
AZLX-23-002160	RHEL-09-654250	0.859427
AZLX-23-002250	RHEL-09-654240	0.858405
AZLX-23-001290	RHEL-09-611165	0.853753
AZLX-23-002025	RHEL-09-653060	0.852833
AZLX-23-002500	RHEL-09-232245	0.852338
AZLX-23-001055	RHEL-09-252015	0.851317
AZLX-23-002020	RHEL-09-231030	0.850095
AZLX-23-002320	RHEL-09-232170	0.84858
AZLX-23-002365	RHEL-09-611070	0.848555
AZLX-23-002360	RHEL-09-611065	0.848555
AZLX-23-002355	RHEL-09-611110	0.848555
AZLX-23-002095	RHEL-09-654225	0.845575
AZLX-23-002575	RHEL-09-213020	0.844952
AZLX-23-002210	RHEL-09-654085	0.837555
AZLX-23-002260	RHEL-09-653100	0.837474
AZLX-23-002075	RHEL-09-652050	0.836473
AZLX-23-002325	RHEL-09-232175	0.836401
AZLX-23-002490	RHEL-09-611050	0.834417
AZLX-23-002615	RHEL-09-214035	0.829819
AZLX-23-002085	RHEL-09-654215	0.829481
AZLX-23-002090	RHEL-09-654215	0.829481
AZLX-23-005000	RHEL-09-654270	0.825983
AZLX-23-002495	RHEL-09-611055	0.825932
AZLX-23-001230	RHEL-09-255035	0.825376
AZLX-23-002030	RHEL-09-653065	0.811496
AZLX-23-000300	RHEL-09-215015	0.810811
AZLX-23-001200	RHEL-09-255055	0.810432
AZLX-23-000130	RHEL-09-211010	0.806855
AZLX-23-002375	RHEL-09-611090	0.805823
AZLX-23-000210	RHEL-09-213025	0.795042
AZLX-23-002245	RHEL-09-654150	0.787313
AZLX-23-002505	RHEL-09-232240	0.775069
AZLX-23-002370	RHEL-09-611115	0.763604
AZLX-23-001040	RHEL-09-652020	0.752883
AZLX-23-002220	RHEL-09-653025	0.75222
AZLX-23-002465	RHEL-09-411085	0.706033
AZLX-23-001025	RHEL-09-653010	0.690237
AZLX-23-002205	RHEL-09-654240	0.682896
AZLX-23-001085	RHEL-09-251035	0.666906
AZLX-23-002035	RHEL-09-653035	0.663485
AZLX-23-000225	RHEL-09-213070	0.646632
AZLX-23-002420	RHEL-09-611030	0.643452
AZLX-23-001205	RHEL-09-672020	0.643222
AZLX-23-002015	RHEL-09-653030	0.643038
AZLX-23-001210	RHEL-09-672020	0.642694
AZLX-23-001285	RHEL-09-672010	0.635171
AZLX-23-001120	RHEL-09-215075	0.554608
AZLX-23-002415	RHEL-09-411040	0.536519
AZLX-23-002140	RHEL-09-654050	0.536035
AZLX-23-001030	RHEL-09-653015	0.51337
AZLX-23-002475	RHEL-09-251020	0.504679
AZLX-23-001270	RHEL-09-672045	0.47515
AZLX-23-000125	RHEL-09-214025	0.444188
AZLX-23-000110	RHEL-09-214015	0.40211
AZLX-23-002080	RHEL-09-652055	0.290845
AZLX-23-001310	RHEL-09-215010	0.228441
AZLX-23-002605	RHEL-09-251030	0.161288
AZLX-23-002610	RHEL-09-232260	0.0630691

0 replies

bordencastle · 2025-09-05T20:07:49Z

bordencastle
Sep 5, 2025
Author

Posted similarity analysis above between RHEL 9 and Amazon Linux 2023, as a lot of the STIGs are the same, just written slightly differently. I think it is all Fedora based, would be nice if all the common ones were 100% similarity, but not the case when things are hand jammed.

0 replies

bordencastle · 2025-09-05T20:15:45Z

bordencastle
Sep 5, 2025
Author

If you wanted to do the same analysis. Replace "rhel9" and "amazonlinux" with DISA STIG checklists converted to CSV.

import pandas as pd
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.metrics.pairwise import cosine_similarity

# Load CSVs
al = pd.read_csv("amazonlinux")
rhel = pd.read_csv("rhel9")

# TF-IDF on descriptions
vectorizer = TfidfVectorizer(stop_words='english')
tfidf_al = vectorizer.fit_transform(al['Fix Text'].astype(str))
tfidf_rhel = vectorizer.transform(rhel['Fix Text'].astype(str))

# Compute similarity
sim_matrix = cosine_similarity(tfidf_al, tfidf_rhel)

crosswalk = []

for i, al_row in al.iterrows():
    best_idx = sim_matrix[i].argmax()
    crosswalk.append({
        'AL2023 ID': al_row['STIG ID'],
        'AL2023 Fix Text': al_row['Fix Text'],
        'RHEL9 ID': rhel.iloc[best_idx]['STIG ID'],
        'RHEL9 Fix Text': rhel.iloc[best_idx]['Fix Text'],
        'Similarity': sim_matrix[i][best_idx]
    })

df_crosswalk = pd.DataFrame(crosswalk)
df_crosswalk.to_csv("al2023_rhel9_crosswalk.csv", index=False)

0 replies

bordencastle · 2025-09-06T15:44:50Z

bordencastle
Sep 6, 2025
Author

I took that same approach to generate this....

I might be able to help more if guided in the right direction....
https://github.com/bordencastleadmin/amazonlinuxcontent/blob/master/controls/stig_al2023.yml

But, i copied in the highest similarity to RHEL 9 and created placeholders with "pending" status for where similarities do not exist.

0 replies

bordencastle · 2025-09-14T13:24:42Z

bordencastle
Sep 14, 2025
Author

I got the profile to build. I think I just need to go through each item to verify it is 100% correct. If this is not something desired here, I can create a fork, or just make a playbook for my own use. Just let me know how to proceed. @Mab879

0 replies

Mab879 · 2025-09-18T17:18:29Z

Mab879
Sep 18, 2025
Maintainer

Thanks for for the work. Please feel free open PR to get some better feedback. Here few points I found based on a quick look:

The id should just be the STIG ID, no extra identifiers. i.e. AZLX-23-000100.
The formatting should follow the style guide and should pass this project's YAML lint.
The SME field on the profile should be a github username
The reference key on the profile should use the new URL of DISA's website.

0 replies

nessadc · 2025-10-21T18:52:40Z

nessadc
Oct 21, 2025

Hi @bordencastle , are you still working on a PR for this? I am happy to attempt it.

0 replies

ngearhart · 2025-12-03T13:40:48Z

ngearhart
Dec 3, 2025

Good morning, has this received any progress?

0 replies

Eric-Domeier · 2025-12-15T12:53:17Z

Eric-Domeier
Dec 15, 2025

@Mab879 @nessadc @ngearhart I started a PR here

The profile runs, down to 12 rules coming back as N/A - still need to go through each check and make sure its doing the right thing

0 replies

Eric-Domeier · 2025-12-16T02:48:17Z

Eric-Domeier
Dec 16, 2025

@Mab879 @nessadc @ngearhart @bordencastle I had to make a new PR since it was failing for having a merge request in commit... anyways

I could use a hand in reviewing the rules, to test this is somewhat difficult, since AL2023 doesn't have the latest oscap, it needs to be built from source on the remote machine, and then use oscap-ssh to scan/remediate. i was able to get it to ~80%ish green

Steps to reproduce

Pre-req

have a al2023 vanilla VM installed, or an ec2 instance in AWS
If using vmware, need a seed.iso to cloud-init the instance for initial use

On the remote AL2023 VM

Install the build dependencies, and git for openscap, similar to RHEL8+. Note that python36-devel is not available

sudo dnf install \
git cmake dbus-devel libacl-devel libblkid-devel libcap-devel libcurl-devel \
libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel \
pcre2-devel perl-XML-Parser perl-XML-XPath perl-devel rpm-devel swig \
bzip2-devel gcc-c++ libyaml-devel xmlsec1-devel xmlsec1-openssl-devel

Clone the openscap repo

git clone https://github.com/OpenSCAP/openscap.git

Build oscap from source

$ cd build/
$ cmake ../
$ make
$ make install

Move oscap_wrapper to path and rename to oscap

sudo mv oscap_wrapper /usr/local/bin/oscap

On local fedora box

Clone the PR
gh pr checkout 14246
Build the content

cd build
cmake ../
make -j4 al2023

Run the scan with remediate

oscap-ssh --sudo ec2-user@<ipaddress> 22 xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig --stig-viewer ssh-remediate-results.xml ssg-al2023-ds.xml

2 replies

ngearhart Dec 17, 2025

If I get time this week or next, I'll take a look.

bordencastle Dec 17, 2025
Author

I ran it on a VM installed in KVM, going to go through each check manually. It might take me a couple days. Thanks for the work @Eric-Domeier

Amazon Linux 2023 Department of War (Previously Department of Defense) STIG #13885

Uh oh!

bordencastle Sep 5, 2025

Share the context

Description of problem:

Proposed change:

References:

Replies: 10 comments · 2 replies

Uh oh!

Uh oh!

bordencastle Sep 5, 2025 Author

Uh oh!

Uh oh!

bordencastle Sep 5, 2025 Author

Uh oh!

bordencastle Sep 5, 2025 Author

Uh oh!

Uh oh!

bordencastle Sep 6, 2025 Author

Uh oh!

Uh oh!

bordencastle Sep 14, 2025 Author

Uh oh!

Mab879 Sep 18, 2025 Maintainer

Uh oh!

nessadc Oct 21, 2025

Uh oh!

ngearhart Dec 3, 2025

Uh oh!

Eric-Domeier Dec 15, 2025

Uh oh!

Uh oh!

Eric-Domeier Dec 16, 2025

Steps to reproduce

Pre-req

On the remote AL2023 VM

On local fedora box

Uh oh!

ngearhart Dec 17, 2025

Uh oh!

Uh oh!

bordencastle Dec 17, 2025 Author

bordencastle
Sep 5, 2025

Replies: 10 comments 2 replies

bordencastle
Sep 5, 2025
Author

bordencastle
Sep 5, 2025
Author

bordencastle
Sep 5, 2025
Author

bordencastle
Sep 6, 2025
Author

bordencastle
Sep 14, 2025
Author

Mab879
Sep 18, 2025
Maintainer

nessadc
Oct 21, 2025

ngearhart
Dec 3, 2025

Eric-Domeier
Dec 15, 2025

Eric-Domeier
Dec 16, 2025

bordencastle Dec 17, 2025
Author