1 Reply Latest reply on Feb 19, 2016 10:33 AM by brett.chadwick

    PCI-DSS & STIG Assessment and Remediation under RedHat and CentOS Platforms using oscap

    brett.chadwick Apprentice

      I have recently gone through a lot of testing under Red Hat, CentOS and Linux platforms for PCI-DSS and STIG compliance, assessment, and remediation using the oscap engine. Do we have anyone that would be interested in seeing this documented with simple custom packages that could kick off the oscap validation and remediation efforts through Heat EMSS? Primarily this would be aimed at finance/retail for PCI-DSS and STIG being Federal Government and any system interacting with DOD. Not only does this replace our recently removed SCM product from EMSS but it is an important security standard for the US to help automate the testing and hardening of machines. This can also potentially be done under Windows although I have not done this testing.

        • 1. Re: PCI-DSS & STIG Assessment and Remediation under RedHat and CentOS Platforms using oscap
          brett.chadwick Apprentice

          We can generate really cool reports, like these images show, based around the assessment, and I would see a syslog, Splunk or event collection picking up these files for storage. Also, machine-readable XML files are generated, which would be more useful for automation systems. Once the analysis has been completed, you can remediate the machine against all the findings. Dangerous to do without understanding the changes, but very cool, especially for new builds before getting applications installed and configured.

           

          [Images: four screenshots of the generated reports]

          1 of 1 people found this helpful
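Added example, not part of the original post and not code from the poster or the OpenSCAP project: one way an automation system could consume the machine-readable results XML mentioned above, listing the failed rules for review before any remediation and turning them into one JSON line each for a syslog or Splunk forwarder. It assumes a results file written by `oscap xccdf eval --results` in the XCCDF 1.2 namespace; the sample document, host name, rule ids and the function names `summarize` and `to_events` are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}  # XCCDF 1.2 namespace (assumed)

# Constructed sample, trimmed to the elements this parser reads.
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo">
    <target>build-host-01</target>
    <rule-result idref="xccdf_example_rule_no_empty_passwords" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_audit_enabled" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_ssh_idle_timeout" severity="low">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_not_relevant" severity="unknown">
      <result>notapplicable</result>
    </rule-result>
    <score system="urn:xccdf:scoring:default" maximum="100">50.0</score>
  </TestResult>
</Benchmark>"""

def summarize(xml_text):
    """Return target, score, per-outcome counts and the failed rules of a scan."""
    root = ET.fromstring(xml_text)
    # The TestResult may be the root itself or nested inside a Benchmark.
    tr = root if root.tag.endswith("}TestResult") else root.find(".//x:TestResult", NS)
    if tr is None:
        raise ValueError("no XCCDF TestResult element found")
    counts, failed = {}, []
    for rr in tr.findall("x:rule-result", NS):
        outcome = rr.findtext("x:result", default="unknown", namespaces=NS).strip()
        counts[outcome] = counts.get(outcome, 0) + 1
        if outcome == "fail":
            failed.append({"rule": rr.get("idref"), "severity": rr.get("severity", "unknown")})
    return {"target": tr.findtext("x:target", default="", namespaces=NS),
            "score": float(tr.findtext("x:score", default="nan", namespaces=NS)),
            "counts": counts, "failed": failed}

def to_events(summary):
    """One JSON line per failed rule, for a log forwarder to pick up."""
    return [json.dumps({"target": summary["target"], **f}, sort_keys=True)
            for f in summary["failed"]]

if __name__ == "__main__":
    s = summarize(SAMPLE_RESULTS)
    print(s["target"], s["score"], s["counts"])
    print("\n".join(to_events(s)))
```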