Compliance management with OpenSCAP
Enterprise computing environments may consist of thousands of computer systems, having multiple applications and services. These systems are accessed by large and diverse set of users and applications. To have a greater control over security of these vast environments a standard and unified way to scan systems for compliance with security policies is needed.
This talk focuses on using SCAP tools to retain control over large environments, scan compliance with desired policy, and use Ansible to remediate detected problems,
Install and use the SCAP Security Guide. Evaluate a server's compliance with the requirements specified by a policy from the SCAP Security Guide using OpenSCAP tools. Create a tailoring file to adjust the policy's security checks so that they’re relevant and correct for a specific system and its use case. Run Ansible Playbooks, included in the SCAP Security Guide, to remediate compliance checks that failed an OpenSCAP scan. Demonstration