You are here
Automated Security Compliance Evaluation of Your Infrastructure with SCAP
Martin Preisler, Red Hat, Inc.
Martin Preisler works as a software engineer at Red Hat, Inc. He works on the Security Technologies team, focusing on security compliance using Security Content Automation Protocol. He is the principal author of SCAP Workbench, a frequent contributor to OpenSCAP and SCAP Security Guide, and a contributor to the SCAP standard specifications. Outside of Red Hat, he likes to work on open source projects related to real-time 3D rendering and game development.
SCAP is a set of specifications related to security compliance. The primary use-case is to ensure a system is configured according to a predefined policy. It is heavily used in government, defense, and finance industries.
In this tutorial we will go through all the necessary steps towards a continuous compliance setup of an infrastructure. We will start by installing the tools and preparing the SCAP content. Then we will proceed to scan a single machine for compliance, further refining the content. After that we will explore how to scan it continuously and how to scan multiple machines at once.
Note: Fedora 22 or a Fedora 22 VM recommended. RHEL6, RHEL7, CentOS6, and CentOS7 have older versions of the packages but an additional repository can be enabled to get the latest versions. Other distributions may or may not work, depending on packaging status of the SCAP tools.
System administrators, especially government, defense, telecommunication, finance and payment processing decision-makers that are thinking about adopting SCAP or improving proactive security.
- What is SCAP? Where can it be used?
- Where do I get SCAP content? Where do I get the tools?
- Ability to customize existing SCAP content for my needs
- How to deploy customized SCAP content for a single machine and multiple machines
- SCAP, XCCDF, and OVAL
- SCAP Workbench
- security policy tailoring/customization
- Spacewalk/Satellite 5 SCAP integration
- Foreman/Satellite 6 SCAP integration
- USGCB, PCI-DSS, DISA STIG compliance