Improve and automate compliance with Red Hat and OpenSCAP

Protecting patient data in a complex environment

The ability to collect and interpret patient data is critical in driving success for today’s modern healthcare organization. However, organizations must also ensure that the massive amount of data available is secure and meets Health Insurance Portability and Accountability Act (HIPAA) and other government standards.

To help customers meet this requirement for data security, Red Hat worked with the National Institute of Standards and Technology (NIST) to develop the Security Content Automation Protocol (SCAP). The leader in open source software offerings, Red Hat, teamed with OpenSCAP, the leader in open source security protocols, to provide the tools to help prevent, detect, and mitigate security threats.

By combining OpenSCAP and Red Hat automation, organizations can take advantage of a security hardening solution for the operating environment that provides fast, verifiable, repeatable security for HIPAA compliance. This solution can help you:

  • Improve security to protect electronic protected health information (ePHI), meeting HIPAA requirements and reducing the risk of violations
  • Perform regular risk analysis to ensure safeguards, such as anti-virus software and role-based authentication policies, are robust and up to date
  • Actively monitor and remediate vulnerabilities, increasing organizational agility
  • Provide audit reporting to help your organization track down and understand exactly where, when, and how vulnerabilities were introduced

Secure your infrastructure with supported open source tools

The Red Hat Automated Security & HIPAA Compliance solution enables organizations to take control of exposure by conducting continuous security checks to find vulnerabilities across the operating environment and immediately remediate any issues. The solution provides:

  • On-demand and/or scheduled vulnerability scans and detailed reports comparing your operating environment against a number of standards—including the recently added HIPAA profile provided by OpenSCAP 1.2
  • A dynamic inventory to automate the remediation process so immediate action can be taken to address issues, provided by Red Hat Ansible® Tower
  • A centralized web console to administer OpenSCAP profiles, identify vulnerabilities, and patch, provision, and manage your operating environment, optionally provided by Red Hat Satellite

Build in automated security

With the Red Hat Automated Security & HIPAA Compliance solution, you can run vulnerability scans at any frequency. Scans return detailed reports that measure systems against a HIPAA profile and indicate which pass, which fail, and why; these results can be visualized through Satellite.

OpenSCAP can automatically generate Ansible playbooks that can be executed by Red Hat Ansible Automation Platform, so you can immediately correct any issues identified in the scan. You can then make this automation part of a standard corporate build process. As a result, you can provision and deploy fully compliant, secure systems to your environment from the start, using policies based on HIPAA.

OpenSCAP scans and reports enable an audit process to help your organization track down and understand exactly where, when, and how vulnerabilities were introduced—including any new users or settings changes that may have appeared at the same time.

Guard against configuration drift

Running system checks on demand or on a regular schedule provides you with up-to-date protection against new vulnerabilities and threats. It also returns your systems to your baseline, which prevents the drift that can occur as new software is added, existing software evolves, and users log in and interact with the environment.

The combined solution can be dynamically configured to your existing systems and policies, and you can adjust policies to fit your organization’s needs. With Satellite, you can additionally create customized dashboards to make it easy for users to check specific systems as needed.

Reduce risk, costs, and effort

The Red Hat Automated Security & HIPAA Compliance solution reduces the downtime and manual effort required during upgrades and updates, making the never-ending task of securing your environment easier, and in turn reducing costs.

OpenSCAP profiles and playbooks are available through Red Hat at no cost or can be downloaded directly from the NIST NCP repository. Together, these tools offer a security hardening solution for your operating environment that provides fast, verifiable, repeatable security for HIPAA compliance. Please contact your account representative or visit to learn more.