Red Hat has long recognized how important computer security is to our customers. When we learned about NIST’s SCAP (Security Content Automation Protocol), we thought it could be very useful to our customers and the broader Linux community. With SCAP, a security checklist can be created one time and all vendors supporting the standard can consume the file formats in their tools. This approach addresses problems with complexity by taking a consolidating approach and incorporating ease of management, prevents vendor lock-in and fits well with open source ideals like freedom. For this reason, more than four years ago, Red Hat started an open source community project called OpenSCAP.
OpenSCAP aims to provide a library that can parse and evaluate each part of the SCAP standard. This way, anyone wanting to create SCAP tools can simply use the library to quickly create a new tool rather than spending a lot of time learning how to parse the content. OpenSCAP provides a multi-purpose tool designed to format content into documents or scan the system from the content. This tool can use DISA STIG, NIST's USGCB, or Red Hat's Security Response Team's content (as well as anything authored to SCAP standards). The project has also been integrated with Red Hat Satellite and a content tailoring program called scap-workbench.
The SCAP standard is large. Parts of it, such as CVE (Common Vulnerability Enumeration), OVAL (Open Vulnerability Assessment Language), and CVSS (Common Vulnerability Scoring System) are familiar, but there are other important parts, including XCDDF (eXtensible Configuration Checklist Document Format), that are not quite as familiar. Red Hat actively participates in the standards process by being an editorial board member on some of the more critical standards, helping the project standards address the needs of modern Linux platforms.
So, it is with great pleasure that we are announcing that OpenSCAP is officially under evaluation to meet NIST’s SCAP 1.2 standard in the authenticated scanner category. To ensure all tools claiming conformance actually do meet the standard, all security solution vendors must undergo this certification if they intend to claim conformance to the SCAP standard. We expect Red Hat Enterprise Linux customers to soon have a certified scanner that meets the government's requirements delivered as part of the Red Hat Enterprise Linux platform. Look for another announcement in the coming months for the results of the evaluation.
You can find out more about our sustained commitment to security certifications at http://www.redhat.com/solutions/government/certifications/. For more information about SCAP, visit http://scap.nist.gov and http://www.open-scap.org.
Sobre o autor
Navegue por canal
Automação
Últimas novidades em automação de TI para empresas de tecnologia, equipes e ambientes
Inteligência artificial
Descubra as atualizações nas plataformas que proporcionam aos clientes executar suas cargas de trabalho de IA em qualquer ambiente
Nuvem híbrida aberta
Veja como construímos um futuro mais flexível com a nuvem híbrida
Segurança
Veja as últimas novidades sobre como reduzimos riscos em ambientes e tecnologias
Edge computing
Saiba quais são as atualizações nas plataformas que simplificam as operações na borda
Infraestrutura
Saiba o que há de mais recente na plataforma Linux empresarial líder mundial
Aplicações
Conheça nossas soluções desenvolvidas para ajudar você a superar os desafios mais complexos de aplicações
Programas originais
Veja as histórias divertidas de criadores e líderes em tecnologia empresarial
Produtos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Red Hat Cloud Services
- Veja todos os produtos
Ferramentas
- Treinamento e certificação
- Minha conta
- Suporte ao cliente
- Recursos para desenvolvedores
- Encontre um parceiro
- Red Hat Ecosystem Catalog
- Calculadora de valor Red Hat
- Documentação
Experimente, compre, venda
Comunicação
- Contate o setor de vendas
- Fale com o Atendimento ao Cliente
- Contate o setor de treinamento
- Redes sociais
Sobre a Red Hat
A Red Hat é a líder mundial em soluções empresariais open source como Linux, nuvem, containers e Kubernetes. Fornecemos soluções robustas que facilitam o trabalho em diversas plataformas e ambientes, do datacenter principal até a borda da rede.
Selecione um idioma
Red Hat legal and privacy links
- Sobre a Red Hat
- Oportunidades de emprego
- Eventos
- Escritórios
- Fale com a Red Hat
- Blog da Red Hat
- Diversidade, equidade e inclusão
- Cool Stuff Store
- Red Hat Summit