Last modified on 03/19/14 18:21:28

Welcome to scap-security-guide

The scap-security-guide project (SSG) delivers security guidance, baselines, and associated validation mechanisms utilizing the Security Content Automation Protocol (SCAP). We currently provide content for Red Hat Enterprise Linux 6 (RHEL6) and JBoss Enterprise Application Server 5 (JBoss EAP5).

The project provides practical security hardening advice for Red Hat products and links it to compliance requirements in order to ease deployment activities such as certification and accreditation. These include requirements of the U.S. government (Federal, Defense, and Intelligence Community) as well as those of the financial services and health care industries. For example, high-level and widely accepted policies such as NIST 800-53 provide prose stating that system administrators must audit "privileged user actions," but do not define what "privileged actions" are. The SSG bridges the gap between generalized policy requirements and specific implementation guidance, in SCAP formats to support automation whenever possible.

To see how this works:

Major initiatives for our SCAP content include:

Getting Involved

Collaborate

Join the mailing list at: https://fedorahosted.org/mailman/listinfo/scap-security-guide

Join our community calls: https://fedorahosted.org/scap-security-guide/wiki/conferenceline

Join the project as a developer: https://fedorahosted.org/scap-security-guide/wiki/becomeadeveloper

Consume

  1. Enable the Extra Packages for Enterprise Linux (EPEL) repository by installing the epel-release RPM. This is available at http://mirrors.mit.edu/epel/6/i386/repoview/epel-release.html.
  2. Install SCAP Security Guide. Depending on which packages are already installed, the SCAP Security Guide package will also pull in its dependencies (namely, openscap-utils).
    $ sudo sh -c "yum install scap-security-guide"
    
  3. See the Usage Guide for how to use the project.
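The three steps above, carried through as one script and followed by an actual evaluation of the installed content. This is an added example, not a script shipped by the scap-security-guide project: it assumes the EPEL package installs the RHEL 6 XCCDF file at the path in SSG_XCCDF, uses a placeholder for the epel-release RPM URL (take the real link from the repoview page above) and a placeholder profile id (list the real ones with `oscap info` on the content file).

```shell
#!/bin/sh
# Added example (not the project's own script): install SCAP Security Guide on
# RHEL 6 per the steps above, then evaluate the shipped RHEL 6 XCCDF content.
# Assumptions: SSG_XCCDF is where the EPEL package drops the content,
# EPEL_RELEASE_RPM and PROFILE are placeholders to be replaced by the reader.

SSG_XCCDF=/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml     # assumed path
EPEL_RELEASE_RPM="${EPEL_RELEASE_RPM:-http://EPEL_RELEASE_RPM_URL_PLACEHOLDER}"  # placeholder
PROFILE="${PROFILE:-PROFILE_ID_PLACEHOLDER}"                       # placeholder

# Install a package only if it is not already present. The optional second
# argument is a source to install from (an RPM URL for epel-release, since the
# EPEL repository is not usable until that RPM is in place); otherwise yum
# resolves the name from the enabled repositories and pulls in dependencies
# (openscap-utils for scap-security-guide).
ensure_installed() {
    pkg="$1"; src="${2:-$1}"
    if rpm -q "$pkg" >/dev/null 2>&1; then
        echo "$pkg already installed"
    else
        sudo yum install -y "$src"
    fi
}

# Build the oscap command line as a string so it can be logged or reviewed
# before it is executed: machine-readable results plus an HTML report.
build_eval_cmd() {
    profile="$1"; xccdf="$2"; stamp="$3"
    echo "oscap xccdf eval --profile $profile --results ssg-results-$stamp.xml --report ssg-report-$stamp.html $xccdf"
}

# Preflight check: 0 only when the oscap binary and the content file are usable.
preflight() {
    command -v oscap >/dev/null 2>&1 || { echo "oscap not found" >&2; return 1; }
    [ -r "$1" ] || { echo "content $1 not readable" >&2; return 1; }
    return 0
}

main() {
    ensure_installed epel-release "$EPEL_RELEASE_RPM"
    ensure_installed scap-security-guide
    preflight "$SSG_XCCDF" || exit 1
    # Show the profiles this content ships before choosing one to evaluate.
    oscap info "$SSG_XCCDF"
    cmd=$(build_eval_cmd "$PROFILE" "$SSG_XCCDF" "$(date +%Y%m%d-%H%M%S)")
    echo "running: $cmd"
    # oscap exits 2 when at least one rule failed; that is a finding to read in
    # the report, not a script error. Exit 1 means oscap itself hit an error.
    sudo sh -c "$cmd"; rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "evaluation completed with failed rules (see the HTML report)"
    elif [ "$rc" -ne 0 ]; then
        echo "oscap reported an error (exit $rc)" >&2
        return "$rc"
    fi
    return 0
}

# Only run when explicitly requested, so the functions can be sourced on their own.
if [ "${SSG_RUN:-0}" = "1" ]; then
    main
fi
```

Run it with `SSG_RUN=1 PROFILE=<id> sh install-and-eval.sh` after substituting the placeholders; the results XML is what you keep as audit evidence, while the HTML report is the human-readable view of which rules passed and failed.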


Related Projects

  • The OpenSCAP project provides an execution capability for automated checking in the SCAP formats, as well as libraries for third parties to build SCAP-supporting tools. Because it ships as part of the Red Hat Enterprise Linux operating system, the platform natively possesses the ability to process SCAP content, which is unique and significant.
  • The Aqueduct Project provides remediation resources such as kickstarts, Puppet modules, and hardening scripts for System Administrators who wish to become compliant with established baselines. It is important to note that SSG provides security recommendations and means for automated compliance checking/validation, but not comprehensive remediation.