LinuxFest Northwest 2013

Bellingham, WA April 27th & 28th

Platinum Sponsors

SCAP Security Guide: Automating Security Compliance

Red Hat-based systems must often be configured to comply with various regulatory compliance policies, such as NIST 800-53 within the U.S. Government and CIP within the U.S. Energy market. Unfortunately language which translates thematic policies into specific deployment actions is largely unwritten and often vague.

Representing a comprehensive catalog of security controls, the SCAP Security Guide project delivers practical security guidance, baselines, and associated validation mechanisms utilizing the Security Content Automation Protocol (SCAP). The SCAP Security Guide project allows customers to rapidly deploy systems and verify their compliance against regulatory compliance policies, with pre-created “profiles” aligning to popular policies such as NIST 800-53 as used within the U.S. Government. This session will step through the SCAP Security Guide, and then allow attendees to install the software on a Red Hat Enterprise Linux 6 machine and perform automated security scans against the Defense Information Systems Agency (DISA) STIG for RHEL6. We will be covering: - What is the SCAP Security Guide? How can it be used for security automation?- What are the pieces of SCAP -- XCCDF, OVAL, CPE?- How do I author my own content?- How do I use the SSG today?

Experience level: 




Session Time Slot(s): 

Sunday, April 28, 2013 - 11:00 to 12:00



Any links or references?

This was the presentation that I was most interested in seeing at the whole festival; I was really sorry it was cancelled.

Does anyone know if there are any links or materials available?  Maybe the presentation slides?