© Dmitriy Pchelintsev, 123RF.com

Security compliance with OpenSCAP

Basic Protection

Article from ADMIN 08/2012
By
Testing the system landscape for compliance requirements is not typically an administrator's favorite task. The fairly new open source framework called OpenSCAP helps take some of the pain out of this chore.

A word of warning: This article contains an above-average number of acronyms. This has nothing to do with the fact that I like to save time while I'm writing articles; it has more to do with the fact that the IT world loves abbreviations and that this trend becomes more extreme the more academic and official the topic. And, if government organizations have their say in defining standards, things start to get really serious – but more on that later. Whatever happens, just remember, I warned you.

If you are interested in configuring a computer system to ensure basic security standards and you live in Germany, as I do, you begin with the basic IT protection standards issued by the German federal office for security in information technology (BSI). How you proceed will be determined by the laws and regulations of your country and the industry in which you work [1].

ISO Security

No matter where you begin, a common endpoint often is applying for ISO 27001 certification. A variety of tools can help you investigate your own IT landscape and implement corresponding measures. A popular tool in the open source world for this task is Verinice [2] by SerNet GmbH, Göttingen, Germany. Verinice is an Information Security Management System (ISMS) that helps you work through the various steps needed to meet ISO 27001 compliance. Because this goes much further than configuring IT systems, you need to watch out for a variety of individual requirements, so having a tool that helps you do so is worth its weight in gold.

Even though the many local standards for basic IT protection are correct and meaningful, implementing them is way over the top if you are not interested in gaining the corresponding certification for your environment. Instead, you might simply want to ensure that your own IT

...