[antonvs]

They've been doing that for at least a decade, but probably quite a bit longer. Here are their hardening guidelines for RHEL 5, from 2011:

https://apps.nsa.gov/iaarchive/library/ia-guidance/security-...

They have similar guidance for Windows, web browsers, industrial control systems, etc.

[andrewmcwatters]

Interesting! Thank you for sharing this.