Community-driven security compliance scanner certified for mission-critical deployments on Red Hat Enterprise Linux 6 and 7 by the National Institute of Standards and Technology
A synthesis of interoperable specifications based on in-depth community collaboration, SCAP provides an overarching security format that security vendors supporting the standard can use. The standard defines common operations for security scanners, providing for security content that can be written once and run on another certified scanner, enabling repeatable security assessments to be done more quickly and continuously for policy compliance. Created more than five years ago, OpenSCAP is an open source, joint initiative between the National Security Agency, Red Hat, and the broader open source community to address these standards.
In the U.S., the General Services Administration (GSA) requires that technologies included in blanket purchase agreements for vulnerability and configuration management products have formal NIST SCAP certification (Special Notice QTA0-08-HC-B-003). Recently, this requirement has been expressed in product requirements in support of the DHS Continuous Diagnostics and Mitigation (CDM) program.
With the new NIST certification, Red Hat customers required to use SCAP for regulatory reasons, or in support of DHS CDM, no longer need to request waivers or exemptions for their Red Hat environments. The OpenSCAP certification extends across the Red Hat portfolio and encompasses:
In addition to natively providing OpenSCAP tooling in Red Hat Enterprise Linux and associated system management offerings, Red Hat provides the underlying development libraries for OpenSCAP. With these libraries, independent software vendors (ISVs) can embed NIST-certified configuration and vulnerability scanning into their applications built for Red Hat Enterprise Linux, extending these capabilities across bare metal, virtualized, and container deployments.
Security automation content, consumable by OpenSCAP and other SCAP-certified tools, is provided through the SCAP Security Guide package. Security compliance profiles are included in both Red Hat Enterprise Linux 6 and 7 for standards such as the Department of Defense Security Technical Implementation Guide (STIG), PCI compliance, and FBI Criminal Justice Information Systems (CJIS).
David Egts, chief technologist, Public Sector, Red Hat: “Continuous, repeatable scanning processes are key to keeping modern, increasingly-complex computing environments more secure and safe, and open standards help to make these processes achievable. NIST’s new certification of OpenSCAP on the world’s leading enterprise Linux platform provides a flexible, powerful SCAP scanner built on open standards, making it easier for agencies and other organizations to add verifiable, repeatable security scanning to their repertoires.”
Alex Johns, security analyst, COACT, Inc.: “Red Hat’s OpenSCAP technology is a proven asset for organizations that must utilize a validated scanner to meet their security and compliance needs. OpenSCAP met all of the applicable SCAP 1.2 testing requirements and correctly implemented the features and functions available through SCAP for the Red Hat Enterprise Linux 6 32-bit, Red Hat Enterprise Linux 6 64-bit, and Red Hat Enterprise Linux 7 64-bit platforms. It was a pleasure working with such a proactive development team throughout the validation process.”
Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to provide reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT.