Red Hat has long recognized how important computer security is to our customers. When we learned about NIST’s SCAP (Security Content Automation Protocol), we thought it could be very useful to our customers and the broader Linux community. With SCAP, a security checklist can be created one time and all vendors supporting the standard can consume the file formats in their tools. This approach addresses problems with complexity by taking a consolidating approach and incorporating ease of management, prevents vendor lock-in and fits well with open source ideals like freedom. For this reason, more than four years ago, Red Hat started an open source community project called OpenSCAP.
OpenSCAP aims to provide a library that can parse and evaluate each part of the SCAP standard. This way, anyone wanting to create SCAP tools can simply use the library to quickly create a new tool rather than spending a lot of time learning how to parse the content. OpenSCAP provides a multi-purpose tool designed to format content into documents or scan the system from the content. This tool can use DISA STIG, NIST's USGCB, or Red Hat's Security Response Team's content (as well as anything authored to SCAP standards). The project has also been integrated with Red Hat Satellite and a content tailoring program called scap-workbench.
The SCAP standard is large. Parts of it, such as CVE (Common Vulnerability Enumeration), OVAL (Open Vulnerability Assessment Language), and CVSS (Common Vulnerability Scoring System) are familiar, but there are other important parts, including XCDDF (eXtensible Configuration Checklist Document Format), that are not quite as familiar. Red Hat actively participates in the standards process by being an editorial board member on some of the more critical standards, helping the project standards address the needs of modern Linux platforms.
So, it is with great pleasure that we are announcing that OpenSCAP is officially under evaluation to meet NIST’s SCAP 1.2 standard in the authenticated scanner category. To ensure all tools claiming conformance actually do meet the standard, all security solution vendors must undergo this certification if they intend to claim conformance to the SCAP standard. We expect Red Hat Enterprise Linux customers to soon have a certified scanner that meets the government's requirements delivered as part of the Red Hat Enterprise Linux platform. Look for another announcement in the coming months for the results of the evaluation.
You can find out more about our sustained commitment to security certifications at http://www.redhat.com/solutions/government/certifications/. For more information about SCAP, visit http://scap.nist.gov and http://www.open-scap.org.
Sull'autore
Altri risultati simili a questo
Ricerca per canale
Automazione
Novità sull'automazione IT di tecnologie, team e ambienti
Intelligenza artificiale
Aggiornamenti sulle piattaforme che consentono alle aziende di eseguire carichi di lavoro IA ovunque
Hybrid cloud open source
Scopri come affrontare il futuro in modo più agile grazie al cloud ibrido
Sicurezza
Le ultime novità sulle nostre soluzioni per ridurre i rischi nelle tecnologie e negli ambienti
Edge computing
Aggiornamenti sulle piattaforme che semplificano l'operatività edge
Infrastruttura
Le ultime novità sulla piattaforma Linux aziendale leader a livello mondiale
Applicazioni
Approfondimenti sulle nostre soluzioni alle sfide applicative più difficili
Serie originali
Raccontiamo le interessanti storie di leader e creatori di tecnologie pensate per le aziende
Prodotti
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servizi cloud
- Scopri tutti i prodotti
Strumenti
- Formazione e certificazioni
- Il mio account
- Supporto clienti
- Risorse per sviluppatori
- Trova un partner
- Red Hat Ecosystem Catalog
- Calcola il valore delle soluzioni Red Hat
- Documentazione
Prova, acquista, vendi
Comunica
- Contatta l'ufficio vendite
- Contatta l'assistenza clienti
- Contatta un esperto della formazione
- Social media
Informazioni su Red Hat
Red Hat è leader mondiale nella fornitura di soluzioni open source per le aziende, tra cui Linux, Kubernetes, container e soluzioni cloud. Le nostre soluzioni open source, rese sicure per un uso aziendale, consentono di operare su più piattaforme e ambienti, dal datacenter centrale all'edge della rete.
Seleziona la tua lingua
Red Hat legal and privacy links
- Informazioni su Red Hat
- Opportunità di lavoro
- Eventi
- Sedi
- Contattaci
- Blog di Red Hat
- Diversità, equità e inclusione
- Cool Stuff Store
- Red Hat Summit