IBM Support

QRadar: Hardening QRadar appliances

Question/Answer


Question

Exceptions to Security Technical Implementation Guide (STIG) compliance: can I harden my QRadar appliance or deployment?

Answer

As of QRadar 7.3.0, a STIG hardening script is provided for use with an All-In-One appliance. This script comes standard with all QRadar 7.3 appliances. If you choose to apply STIG hardening to your full deployment, it is recommended that you engage QRadar Professional Services to do this for you. You can contract Professional Services through your Sales Team.

Common Criteria included in all QRadar All-In-One appliances are as described in this link.

QRadar xx28-C appliances are FIPS compliant. Refer to the QRadar hardware guide for more information on FIPS.

Some of the exceptions to STIG include full disk encryption, SELinux (Security-Enhanced Linux) and patch maintenance. Hard drives cannot be encrypted. HA appliances are also an exception to STIG implementation. See the Knowledge Center article "Exceptions to STIG Compliance" for more information.

Note: Under no circumstances should you harden your system using unsupported methods. Doing so would violate your support contract, and it could break your QRadar functionality or your deployment and significantly impact your ability to receive appliance support.

To apply STIG hardening to your appliance, refer to the Knowledge Center article "Installing QRadar in a STIG environment overview".



Document information

More support for: IBM QRadar SIEM

Component: Operating System

Software version: 7.3, 7.3.1

Operating system(s): Linux

Reference #: 2016403

Modified date: 07 March 2019