Compliance Automation with OpenSCAP

A presentation at Red Hat Summit 2016 in San Francisco, CA, USA by Shawn Wells

Co-presented with Jeff Blank of NSA Information Assurance

Compliance hasn’t been something that can be easily automated, since most of the regulations are wordy documents that require an administrator to inspect the system. Lack of automation means that compliance becomes a hurdle to a secure system, rather than a validation. Many organizations are using OpenSCAP, an auditing tool that creates a standard security checklist for enterprise systems. OpenSCAP provides practical security hardening advice for Red Hat products and links to compliance requirements, making deployment activities like certification and accreditation easier.

In this session, you will learn how to use OpenSCAP along with Red Hat products, like Red Hat® Satellite 6, to ensure security and compliance in your enterprise. SCAP provides us a way to create machine-readable controls that can automate compliance checks. Satellite provides a way to centralize our SCAP needs and execute fixes and checks at install time. Satellite can also provide an ongoing review of the real-time compliance stance of our systems. You will also hear about real-world compliance successes from organizations that used SCAP along with Red Hat services and solutions.