cc-eal:
help: |
Common Criteria is an Information Technology Security Evaluation standard
(ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
been evaluated to assurance level EAL2 through CSEC. The evaluation was
performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
cis:
help: |
Ubuntu Security Guide is a tool for hardening and auditing and allows for
environment-specific customizations. It enables compliance with profiles
such as DISA-STIG and the CIS benchmarks. Find out more at
https://ubuntu.com/security/certifications/docs/usg
esm-apps:
help: |
Expanded Security Maintenance for Applications is enabled by default
on entitled workloads. It provides access to a private PPA which includes
available high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu
Main and Ubuntu Universe repositories from the Ubuntu LTS release date until
its end of life. You can find out more about the esm service at
https://ubuntu.com/security/esm
esm-infra:
help: |
Expanded Security Maintenance for Infrastructure provides access
to a private ppa which includes available high and critical CVE fixes
for Ubuntu LTS packages in the Ubuntu Main repository between the end
of the standard Ubuntu LTS security maintenance and its end of life.
It is enabled by default with Ubuntu Pro. You can find out more about
the service at https://ubuntu.com/security/esm
fips:
help: |
FIPS 140-2 is a set of publicly announced cryptographic standards
developed by the National Institute of Standards and Technology
applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
Note that "fips" does not provide security patching. For fips certified
modules with security patches please refer to fips-updates. The modules
are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
Ubuntu 16.04. Below is the list of fips certified components per an
Ubuntu Version. You can find out more at
https://ubuntu.com/security/certifications#fips
fips-updates:
help: |
fips-updates installs fips modules including all security patches
for those modules that have been provided since their certification date.
You can find out more at https://ubuntu.com/security/certifications#fips.
livepatch:
help: |
Livepatch provides selected high and critical kernel CVE fixes and other
non-security bug fixes as kernel livepatches. Livepatches are applied
without rebooting a machine which drastically limits the need for
unscheduled system reboots. Due to the nature of fips compliance,
livepatches cannot be enabled on fips-enabled systems. You can find out
more about Ubuntu Kernel Livepatch service at
https://ubuntu.com/security/livepatch
realtime-kernel:
help: |
The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated.
It services latency-dependent use cases by providing deterministic response times.
The Real-time kernel meets stringent preemption specifications and is suitable for
telco applications and dedicated devices in industrial automation and robotics.
The Real-time kernel is currently incompatible with FIPS and Livepatch.
ros:
help: |
ros provides access to a private PPA which includes security-related
updates for available high and critical CVE fixes for Robot Operating
System (ROS) packages. For access to ROS ESM and security updates, both
esm-infra and esm-apps services will also be enabled. To get additional
non-security updates, enable ros-updates. You can find out more about the
ROS ESM service at https://ubuntu.com/robotics/ros-esm
ros-updates:
help: |
ros-updates provides access to a private PPA which includes
non-security-related updates for Robot Operating System (ROS) packages.
For full access to ROS ESM, security and non-security updates,
the esm-infra, esm-apps, and ros services will also be enabled. You can
find out more about the ROS ESM service at
https://ubuntu.com/robotics/ros-esm