7.2. OpenSCAP Prerequisites

To effectively use OpenSCAP, the following must be available:
  • A tool to verify that a system conforms to a standard.
    Satellite Server 5.5 and later use OpenSCAP as an auditing feature. This allows you to use the web interface to schedule and view compliance scans for any system.
  • SCAP content.
    You can generate your own SCAP content if you have an understanding of at least XCCDF or OVAL. XCCDF content is also frequently published online under open source licenses, and you can customize this content to suit your needs instead.

    Note

    Red Hat supports the use of templates to evaluate your systems. However, custom content authoring of these templates is not supported.
    Some examples of bodies that publish XCCDF content are:
    • The United States Government Configuration Baseline (USGCB): Official SCAP content for desktops within federal agencies that has been developed at NIST in collaboration with Red Hat, Inc. and the United States Department of Defense (DoD) using OVAL.
    • Community-provided content:
      • SCAP Security Guide: Active community-run content that sources from the USGCB requirements and widely-accepted policies and contains profiles for desktop, server, and FTP server. Suitable for Red Hat Enterprise Linux 6 and JBoss Enterprise Application Server 5.
      • OpenSCAP Content for Red Hat Enterprise Linux 6: The openscap-content package from the Red Hat Enterprise Linux 6 Optional Channel also provides default content guidance by means of a template.
SCAP was created to provide a standardized approach to maintaining system security, and the standards that are used will therefore continually change to meet the needs of the community and enterprise businesses. New specifications are governed by NIST's SCAP Release cycle in order to provide a consistent and repeatable revision workflow.