1. 10 year security maintenance and CVE Patching
2. Kernel Livepatch for 24/7 patching with no downtime
3. Expanded security for infrastructure and applications
4. FIPS 140-2 cryptographic modules certified by NIST
5. Common Criteria EAL2: ISO/IEC IS 15408 validated by CSEC
6. DISA/STIG hardening for DoD compliance
7. CIS profiles for cyber defence and malware prevention