Saturday, February 8 • 13:20 - 14:00
Vulnerability management and security compliance by SCAP

Security compliance is conformance to security requirements that are usually defined either by industry standards (USGCB, DISA STIG, PCI DSS) or by custom policies specified by an organization itself. Unfortunately, reaching compliance is not that easy. Some of the issues users may run into are:
* lack of security guidance, checklists, and associated validation mechanisms
* lack of high-quality (as in certified) scanners, that is, auditing tools
* difficulties with customizing security profiles
* missing remediation capability in current standards (remediation allows users to alter the system configuration in order to bring the system into compliance)
* integration with system management solutions that can facilitate monitoring and reporting

In this talk we will introduce the various components (scanner, data, installer and systems management solution) that come into play when we deal with these kinds of challenges. We will also describe the workflow these components have established, and we will show you where and how you can start contributing in order to make security compliance more suitable for your needs. Our main focus will be on contributing to the compliance requirements repository, which is hosted by the scap-security-guide project.


Jan Lieskovsky

Software Engineer, Red Hat
SCAP, compliance, security audits
Peter Vrabec

Supervisor Software Engineer, Red Hat

Saturday February 8, 2014 13:20 - 14:00
Workshop room L2 - C525
