View file File name : help_data.yaml Content :cc-eal: help: | Common Criteria is an Information Technology Security Evaluation standard (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has been evaluated to assurance level EAL2 through CSEC. The evaluation was performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms. cis: help: | Ubuntu Security Guide is a tool for hardening and auditing and allows for environment-specific customizations. It enables compliance with profiles such as DISA-STIG and the CIS benchmarks. Find out more at https://ubuntu.com/security/certifications/docs/usg esm-apps: help: | Expanded Security Maintenance for Applications is enabled by default on entitled workloads. It provides access to a private PPA which includes available high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main and Ubuntu Universe repositories from the Ubuntu LTS release date until its end of life. You can find out more about the esm service at https://ubuntu.com/security/esm esm-infra: help: | Expanded Security Maintenance for Infrastructure provides access to a private ppa which includes available high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main repository between the end of the standard Ubuntu LTS security maintenance and its end of life. It is enabled by default with Ubuntu Pro. You can find out more about the service at https://ubuntu.com/security/esm fips: help: | FIPS 140-2 is a set of publicly announced cryptographic standards developed by the National Institute of Standards and Technology applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases. Note that "fips" does not provide security patching. For fips certified modules with security patches please refer to fips-updates. The modules are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for Ubuntu 16.04. Below is the list of fips certified components per an Ubuntu Version. You can find out more at https://ubuntu.com/security/certifications#fips fips-updates: help: | fips-updates installs fips modules including all security patches for those modules that have been provided since their certification date. You can find out more at https://ubuntu.com/security/certifications#fips. livepatch: help: | Livepatch provides selected high and critical kernel CVE fixes and other non-security bug fixes as kernel livepatches. Livepatches are applied without rebooting a machine which drastically limits the need for unscheduled system reboots. Due to the nature of fips compliance, livepatches cannot be enabled on fips-enabled systems. You can find out more about Ubuntu Kernel Livepatch service at https://ubuntu.com/security/livepatch realtime-kernel: help: | The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. It services latency-dependent use cases by providing deterministic response times. The Real-time kernel meets stringent preemption specifications and is suitable for telco applications and dedicated devices in industrial automation and robotics. The Real-time kernel is currently incompatible with FIPS and Livepatch. ros: help: | ros provides access to a private PPA which includes security-related updates for available high and critical CVE fixes for Robot Operating System (ROS) packages. For access to ROS ESM and security updates, both esm-infra and esm-apps services will also be enabled. To get additional non-security updates, enable ros-updates. You can find out more about the ROS ESM service at https://ubuntu.com/robotics/ros-esm ros-updates: help: | ros-updates provides access to a private PPA which includes non-security-related updates for Robot Operating System (ROS) packages. For full access to ROS ESM, security and non-security updates, the esm-infra, esm-apps, and ros services will also be enabled. You can find out more about the ROS ESM service at https://ubuntu.com/robotics/ros-esm