As the use of cloud-native applications expands, enterprises look to trusted partners and standards bodies for guidance on best practices for securing containers and Kubernetes in production. One such standards body is the National Institute of Standards and Technology (NIST). In the fall of 2017, NIST published Special Publication 800-190, Application Container Security Guide. NIST SP 800-190 is a great source of guidance on the elements of container security and security for container orchestration solutions, such as Red Hat OpenShift Container Platform. OpenShift takes a layered approach to securing containers, integrating security throughout the container lifecycle, from building, to deploying, to running containers in mission-critical environments. One of the questions we're often asked is how OpenShift helps customers meet NIST 800-190 guidance for securing containerized applications. To be truly effective, container and Kubernetes security needs to be automated and leverage the declarative nature of Kubernetes wherever possible. Automation requires the ability to codify guidance into technical controls. Controls related to the guidance in NIST SP 800-190 are included in NIST 800-53, and a reference list is provided in Appendix B of NIST SP 800-190.

As part of Red Hat's commitment to helping customers build, deploy and run their hybrid-cloud applications with their desired security posture, Red Hat offers a Compliance Operator that can be deployed on Red Hat OpenShift Container Platform clusters to audit for compliance with technical controls and to automatically remediate if needed. The Compliance Operator will support a number of frameworks, including the technical controls in NIST 800-53.

Currently, the Compliance Operator can audit for a subset of the NIST 800-53 controls applied at the Red Hat Enterprise Linux CoreOS layer of OpenShift. The next set of controls to be supported are inspired by the Center for Internet Security (CIS) Kubernetes benchmark v1.6. Of course, the guidance in NIST SP 800-190 goes beyond technical controls.

SCAP Security Guide is a security policy written in the form of SCAP documents. The security policy created in SCAP Security Guide covers many areas of computer security and provides best-practice solutions. The guide consists of rules with very detailed descriptions and also includes proven remediation scripts, optimized for target systems. SCAP Security Guide, together with OpenSCAP tools, can be used for auditing your system in an automated way. SCAP Security Guide implements security guidance recommended by respected authorities, namely PCI DSS, STIG, and USGCB. SCAP Security Guide transforms this security guidance into a machine-readable format which can then be used by OpenSCAP to audit your system. SCAP Security Guide builds multiple security baselines from a single body of high-quality SCAP content. The DISA STIG for RHEL 6, which provides required settings for US Department of Defense systems, is one example of a baseline created from this guidance. If your systems must comply with these baselines, you simply select the appropriate profile from SCAP Security Guide. Security policies in SCAP Security Guide are available for various operating systems and other software: Fedora, Red Hat Enterprise Linux, Mozilla Firefox and others.

Using SCAP Security Guide in the OpenSCAP scanner

You can use the content with the oscap tool. It is a command line interface of the OpenSCAP scanner. Its purpose is to scan the local machine. A concrete security policy is selected by choosing a profile. You can display all available profiles using the info command upon the datastream like in this example:

    # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

If you need help with choosing a profile, please see the Choosing Policy section.

    # oscap xccdf eval --profile selected_profile --results-arf arf.xml --report report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

Replace selected_profile with some profile of your choice. After evaluation, the arf.xml file will contain all results in a reusable Result DataStream format, and report.html will contain a dynamic, human-readable report that can be opened in a browser.

For more detailed information about how to use this command-line tool, please see the respective documentation for OpenSCAP base.