Virtualization Technology News and Information
Red Hat Adds New NIST Certification for OpenSCAP, Expands Footprint for Open IT Security Standards


Red Hat, Inc., the world's leading provider of open source solutions, today announced that OpenSCAP 1.2, an open source Security Content Automation Protocol (SCAP) scanner, has been certified by the National Institute of Standards and Technology as a U.S. government evaluated configuration and vulnerability scanner for Red Hat Enterprise Linux 6 and 7-based systems. This certification shows that OpenSCAP can analyze and evaluate security automation content correctly and has the functionality and documentation required by NIST to run in sensitive, security-conscious environments.

A synthesis of interoperable specifications based on in-depth community collaboration, SCAP provides an overarching security format that security vendors supporting the standard can use. The standard defines common operations for security scanners, providing for security content that can be written once and run on another certified scanner, enabling repeatable security assessments to be done more quickly and continuously for policy compliance. Created more than five years ago, OpenSCAP is an open source, joint initiative between the National Security Agency, Red Hat, and the broader open source community to address these standards.

In the U.S., the General Services Administration (GSA) requires that technologies included in blanket purchase agreements for vulnerability and configuration management products have formal NIST SCAP certification (Special Notice QTA0-08-HC-B-003). Recently, this requirement has been expressed in product requirements in support of the DHS Continuous Diagnostics and Mitigation (CDM) program.

With the new NIST certification, Red Hat customers required to use SCAP for regulatory reasons, or in support of DHS CDM, no longer need to request waivers or exemptions for their Red Hat environments. The OpenSCAP certification extends across the Red Hat portfolio and encompasses:

  • Red Hat Enterprise Linux: In addition to providing OpenSCAP as a system administration tool, OpenSCAP has been integrated directly into the Red Hat Enterprise Linux installer. Systems can now operate in continuous security compliance from deployment through the end of their lifecycle.
  • Red Hat Satellite: A lifecycle management platform for Red Hat Enterprise Linux-based hosts, including enterprise configuration and vulnerability scanning.
  • Red Hat CloudForms: Red Hat's award-winning hybrid cloud management platform, offering security insight across cloud deployments.
  • Atomic Scan: Delivered as part of Red Hat Enterprise Linux Atomic Host, Atomic Scan is the first NIST-certified configuration and vulnerability scanner for Linux Containers. Atomic Scan is capable of scanning container registries, even when containers are offline, using container introspection.
  • SCAP Workbench: A graphical utility built for system administrators and security officers to more easily tailor and customize SCAP-based security profiles, without requiring in-depth knowledge of the underlying SCAP standards.

In addition to natively providing OpenSCAP tooling in Red Hat Enterprise Linux and associated system management offerings, Red Hat provides the underlying development libraries for OpenSCAP. With these libraries, independent software vendors (ISVs) can embed NIST-certified configuration and vulnerability scanning into their applications built for Red Hat Enterprise Linux, extending these capabilities across bare metal, virtualized, and container deployments.

Security automation content, consumable by OpenSCAP and other SCAP-certified tools, is provided through the SCAP Security Guide package. Security compliance profiles are included in both Red Hat Enterprise Linux 6 and 7 for standards such as the Department of Defense Security Technical Implementation Guide (STIG), PCI compliance, and FBI Criminal Justice Information Systems (CJIS).

Published Friday, March 17, 2017 2:11 PM by David Marshall