Inscreva-se no feed

Red Hat has long recognized how important computer security is to our customers. When we learned about NIST’s SCAP (Security Content Automation Protocol), we thought it could be very useful to our customers and the broader Linux community. With SCAP, a security checklist can be created one time and all vendors supporting the standard can consume the file formats in their tools. This approach addresses problems with complexity by taking a consolidating approach and incorporating ease of management, prevents vendor lock-in and fits well with open source ideals like freedom. For this reason, more than four years ago, Red Hat started an open source community project called OpenSCAP.

OpenSCAP aims to provide a library that can parse and evaluate each part of the SCAP standard. This way, anyone wanting to create SCAP tools can simply use the library to quickly create a new tool rather than spending a lot of time learning how to parse the content. OpenSCAP provides a multi-purpose tool designed to format content into documents or scan the system from the content. This tool can use DISA STIG, NIST's USGCB, or Red Hat's Security Response Team's content (as well as anything authored to SCAP standards). The project has also been integrated with Red Hat Satellite and a content tailoring program called scap-workbench.

The SCAP standard is large. Parts of it, such as CVE (Common Vulnerability Enumeration), OVAL (Open Vulnerability Assessment Language), and CVSS (Common Vulnerability Scoring System) are familiar, but there are other important parts, including XCDDF (eXtensible Configuration Checklist Document Format), that are not quite as familiar. Red Hat actively participates in the standards process by being an editorial board member on some of the more critical standards, helping the project standards address the needs of modern Linux platforms.

So, it is with great pleasure that we are announcing that OpenSCAP is officially under evaluation to meet NIST’s SCAP 1.2 standard in the authenticated scanner category. To ensure all tools claiming conformance actually do meet the standard, all security solution vendors must undergo this certification if they intend to claim conformance to the SCAP standard. We expect Red Hat Enterprise Linux customers to soon have a certified scanner that meets the government's requirements delivered as part of the Red Hat Enterprise Linux platform. Look for another announcement in the coming months for the results of the evaluation.

You can find out more about our sustained commitment to security certifications at http://www.redhat.com/solutions/government/certifications/. For more information about SCAP, visit http://scap.nist.gov and http://www.open-scap.org.


Sobre o autor

Navegue por canal

automation icon

Automação

Últimas novidades em automação de TI para empresas de tecnologia, equipes e ambientes

AI icon

Inteligência artificial

Descubra as atualizações nas plataformas que proporcionam aos clientes executar suas cargas de trabalho de IA em qualquer ambiente

open hybrid cloud icon

Nuvem híbrida aberta

Veja como construímos um futuro mais flexível com a nuvem híbrida

security icon

Segurança

Veja as últimas novidades sobre como reduzimos riscos em ambientes e tecnologias

edge icon

Edge computing

Saiba quais são as atualizações nas plataformas que simplificam as operações na borda

Infrastructure icon

Infraestrutura

Saiba o que há de mais recente na plataforma Linux empresarial líder mundial

application development icon

Aplicações

Conheça nossas soluções desenvolvidas para ajudar você a superar os desafios mais complexos de aplicações

Original series icon

Programas originais

Veja as histórias divertidas de criadores e líderes em tecnologia empresarial