Overview
What is RLC-H?¶
Rocky Linux from CIQ - Hardened (RLC-H) is an enhanced, security-focused edition of Rocky Linux from CIQ designed for organizations in regulated or high-security environments.
RLC-H builds upon Rocky Linux’s trusted foundation—offering full RHEL compatibility—while integrating advanced security features, real-time threat detection, and out-of-the-box compliance with major standards like DISA STIG, CIS Benchmarks, and FIPS 140-3.
Whether you're securing critical infrastructure, managing sensitive data, or enforcing strict security policies, RLC-H helps reduce risk, improve audit readiness, and streamline security operations in enterprise Linux environments.
Key Security Features¶
Rocky Linux from CIQ - Hardened includes comprehensive security enhancements designed to protect against modern threats:
Core Package Hardening¶
- glibc hardening: Removes unsafe environment variables when crossing privilege boundaries
- OpenSSH hardening: Reduces attack surface through removal of non-essential libraries
- Kernel hardening: Enhanced security configurations and runtime protection
- Memory protection: Advanced malloc hardening to prevent memory corruption attacks
Runtime Security¶
- Linux Kernel Runtime Guard (LKRG): Real-time kernel integrity checking
- Memory corruption detection: Advanced protection against buffer overflows and memory exploits
- Kernel integrity monitoring: Continuous verification of kernel code and critical data structures
Enhanced Security Policies¶
- Stronger password policies: Enforced complexity and rotation requirements
- SSH restrictions: Hardened SSH configurations with reduced attack surface
- File system permissions: Stricter access controls and permission schemes
- Network security: Enhanced firewall rules and network access controls
Compliance Frameworks¶
- DISA STIG: Security Technical Implementation Guide compliance
- CIS Benchmarks: Center for Internet Security hardening guidelines
- FIPS 140-3: Federal Information Processing Standard cryptographic compliance
- Common Criteria: International security evaluation standards
Service Level Objectives (SLO) for RLC-H¶
RLC-H includes the same commercial guarantees as Rocky Linux from CIQ, with additional security-focused SLOs:
- Timely Security Updates: RLC-H will receive updates from upstream Enterprise Linux within 30 days of general availability for all supported versions
- Critical Security Response: RLC-H will receive best efforts for remediating or mitigating critical security vulnerabilities within 30 days of a fix being available
- Hardening Updates: Security hardening improvements and new threat protections delivered through regular updates
- Compliance Maintenance: Ongoing updates to maintain compliance with security frameworks and standards
Why choose RLC-H?¶
RLC-H is the same Rocky Linux you know and love — a bug-for-bug compatible version of Red Hat Enterprise Linux (RHEL) — with advanced security hardening and value-added services like:
- Enhanced Security Hardening: Hardened core packages that help minimize zero-day attacks
- Advanced Threat Detection: Proactive protection against malicious threats
- Compliance Ready: Pre-hardened images for frameworks like DISA STIG or CIS
- FIPS 140-3 Compliant: Certified cryptographic modules for regulated environments
- Service Level Objectives (SLO): Security patches within 30 days of release
- Supply Chain Validation: Packages verified by CIQ for secure deployment
- Indemnification: Legal peace of mind for claims of infringement related to open source software
RLC-H vs RLC¶
| Feature | RLC | RLC-H |
|---|---|---|
| 1:1 compatibility with Enterprise Linux | ✅ | ✅ |
| Security hardening by CIQ | ❌ | ✅ |
| Linux Kernel Runtime Guard (LKRG) | ❌ | ✅ |
| Memory corruption protection | ❌ | ✅ |
| Enhanced malloc hardening | ❌ | ✅ |
| Pre-hardened compliance images | ❌ | ✅ |
| FIPS 140-3 certification | ❌ | Compliant |
| Advanced attack detection | ❌ | ✅ |
| Supply chain validation by CIQ | ✅ | ✅ |
| SLO on security updates | ❌ | ✅ |
| Limited indemnification | ✅ | ✅ |
| Priority dedicated access to repositories | ✅ | ✅ |
| Professional support with SLAs | Available | Available |
Use Cases¶
RLC-H is ideal for:
High-Security Environments¶
- Government agencies and contractors
- Defense and military applications
- Critical infrastructure operations
- Financial services and banking
Regulated Industries¶
- Healthcare systems handling PHI
- Financial institutions with PCI DSS requirements
- Government contractors requiring FedRAMP compliance
- Organizations subject to HIPAA, SOX, or other regulatory frameworks
Enterprise Security¶
- Companies with strict security policies
- Organizations requiring security certifications
- Businesses with valuable intellectual property
- Environments processing sensitive customer data
Support¶
- Technical Support: Professional Linux support available from CIQ.
- Training: Training programs available for RLC-H administration and security management.
For more information about RLC-H pricing, licensing, training, and support options, please contact CIQ Sales or visit the CIQ website.