Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration
    • Discounts
    • Venue, Hotel, and Travel
    • Why Attend?
    • Students and Grants
  • Program
    • Program at a Glance
    • Conference Program
    • Training Program
      • Training Program - Details
    • Workshops
    • Conference Topics
      • Systems and Network Engineering
      • Monitoring and Metrics
      • SRE and Software Engineering
      • Culture
    • UCMS '15
    • URES '15
    • Puppet Camp DC
  • Activities
    • Birds-of-a-Feather
    • LISA Build
    • LISA Lab
  • Sponsors and Expo
    • LISA15 Expo
    • Sponsor and Exhibitor List
    • Exhibitor Services
  • Participate
    • Call for Participation
    • Call for Research Papers and Posters
      • Submitting Papers and Posters
    • Speaker Resources
  • About
    • Conference Organizers
    • Help Promote
    • Services
    • Code of Conduct
    • Past Conferences

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

Why Attend LISA?

"In a world where technology changes rapidly, it's hard to find great resources for in-depth expertise. LISA has a terrific combination of people who create the technology and people who implement it effectively for their companies."

Matt Simmons, Northeastern University

"I like seeing where the industry is heading, how SysAdmins/engineers are evolving, tools they are using, common problems and solutions across the world."

LISA14 Attendee

"Great sessions, great presenters, great community. I feel like I can make up a year of following news and forums on the subject in a week."

LISA14 Attendee

"This was my first LISA. It was great attending a conference that focused on my role without trying to shoehorn every challenge into a specific vendor's solution. The same mix of awesome sessions, speakers, and other attendees will bring me back every year."

LISA14 Attendee

"LISA is the home of ops people who do ops correctly. I’m always motivated by the conference content and hallway conversations to be better, and I take home the knowledge needed to move closer to that goal. "

Tony Del Porto, Cisco Systems, Inc.

"If you're a sysadmin slaving away in a metaphorical basement and re-inventing the wheel every time your employer's business goals change slightly, LISA will help pull you into the light."

Marc Chiarini, Long-Time IT Admin and Researcher, MarkLogic Corp

"No matter if you are dealing with the latest tech or trying to maintain something from the dark ages of the ‘90s, there are people at LISA who are experienced with it. Heck, many of the people who _developed_ this tech attend. This is a great place to get answers and ideas."

Lee Damon, University of Washington

"LISA is the best mix of training, talks, and networking of any events I've been to. That's the reason I've been to 11 of them.”

LISA14 Attendee

help promote

LISA16 CFP button

Get more
Help Promote graphics!

sponsors

Gold Sponsor
Gold Sponsor
Gold Sponsor
Gold Sponsor
Silver Sponsor
Silver Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
General Sponsor
General Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Industry Partner
Industry Partner
Industry Partner
Industry Partner
Industry Partner
Industry Partner

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

twitter

Tweets by @LISAConference

You are here

Home » Automated Security Compliance Evaluation of Your Infrastructure with SCAP
Tweet

connect with us

Automated Security Compliance Evaluation of Your Infrastructure with SCAP

Mini Tutorial
Wednesday, November 11, 2015 - 4:00pm-5:30pm

Martin Preisler, Red Hat, Inc.

Martin Preisler, Red Hat, Inc.

Martin Preisler works as a software engineer at Red Hat, Inc. He works on the Security Technologies team, focusing on security compliance using Security Content Automation Protocol. He is the principal author of SCAP Workbench, a frequent contributor to OpenSCAP and SCAP Security Guide, and a contributor to the SCAP standard specifications. Outside of Red Hat, he likes to work on open source projects related to real-time 3D rendering and game development.

Description: 

SCAP is a set of specifications related to security compliance. The primary use-case is to ensure a system is configured according to a predefined policy. It is heavily used in government, defense, and finance industries.

In this tutorial we will go through all the necessary steps towards a continuous compliance setup of an infrastructure. We will start by installing the tools and preparing the SCAP content. Then we will proceed to scan a single machine for compliance, further refining the content. After that we will explore how to scan it continuously and how to scan multiple machines at once.

Note: Fedora 22 or a Fedora 22 VM recommended. RHEL6, RHEL7, CentOS6, and CentOS7 have older versions of the packages but an additional repository can be enabled to get the latest versions. Other distributions may or may not work, depending on packaging status of the SCAP tools.

Who should attend: 

System administrators, especially government, defense, telecommunication, finance and payment processing decision-makers that are thinking about adopting SCAP or improving proactive security.

Take back to work: 
  • What is SCAP? Where can it be used?
  • Where do I get SCAP content? Where do I get the tools?
  • Ability to customize existing SCAP content for my needs
  • How to deploy customized SCAP content for a single machine and multiple machines
Topics include: 
  • SCAP, XCCDF, and OVAL
  • OpenSCAP
  • SCAP Workbench
  • oscap
  • oscap-ssh
  • oscap-docker
  • security policy tailoring/customization
  • SCE
  • Spacewalk/Satellite 5 SCAP integration
  • Foreman/Satellite 6 SCAP integration
  • USGCB, PCI-DSS, DISA STIG compliance
  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

General Sponsors

Media Sponsors & Industry Partners

© USENIX

LISA is a registered trademark of the USENIX Association.

  • Privacy Policy
  • Contact Us