Applied SCAP: Automating security compliance & remediation

In this highly interactive session, you’ll learn how Red Hat collaboratively works with the National Security Agency (NSA), Defense Information Systems Agency (DISA), and other stakeholders to develop government and industry policy to secure Red Hat products using open source principles. In addition, you’ll hear how a similar methodology can be applied to other government and industry regulations like PCI, the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act (SOX).

Using the SCAP (Security Content Automation Protocol) Security Guide as a case study, you’ll also learn how human-interpreted policy can be embodied in machine-interpreted SCAP. See how that same SCAP content can be used to help securely lock down systems when provisioned and aided with continuous monitoring using Red Hat Satellite. The DISA STIG (security technical information guide) for Red Hat Enterprise Linux will also be used as a case study in this session.

This session is an update to the 2013 presentation, extended to demonstrate:

  • Patch and vulnerability scanning through SCAP.
  • Centralized security compliance scans through Red Hat Satellite.
  • Automated remediation capabilities via bash.
  • Content tailoring via SCAP Workbench.