Red Hat Adds New NIST Certification for OpenSCAP, Expands Footprint for Open IT Security Standards
March 17 2017 - 10:09AM
Business Wire
Community-driven security compliance scanner
certified for mission-critical deployments on Red Hat Enterprise
Linux 6 and 7 by National Institute of Standards and Technology
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open
source solutions, today announced that OpenSCAP 1.2, an open source
Security Content Automation Protocol (SCAP) scanner, has been
certified by the National Institute of Standards and Technology as
a U.S. government evaluated configuration and vulnerability scanner
for Red Hat Enterprise Linux 6 and 7-based systems. This
certification shows that OpenSCAP can analyze and evaluate security
automation content correctly and has the functionality and
documentation required by NIST to run in sensitive,
security-conscious environments.
A synthesis of interoperable specifications based on in-depth
community collaboration, SCAP provides an overarching security
format that security vendors supporting the standard can use. The
standard defines common operations for security scanners, providing
for security content that can be written once and run on another
certified scanner, enabling repeatable security assessments to be
done more quickly and continuously for policy compliance. Created
more than five years ago, OpenSCAP is an open source, joint
initiative between the National Security Agency, Red Hat, and the
broader open source community to address these standards.
In the U.S., the General Services Administration (GSA) requires
that technologies included in blanket purchase agreements for
vulnerability and configuration management products have formal
NIST SCAP certification (Special Notice QTA0-08-HC-B-003).
Recently, this requirement has been expressed in product
requirements in support of the DHS Continuous Diagnostics and
Mitigation (CDM) program.
With the new NIST certification, Red Hat customers required to
use SCAP for regulatory reasons, or in support of DHS CDM, no
longer need to request waivers or exemptions for their Red Hat
environments. The OpenSCAP certification extends across the Red Hat
portfolio and encompasses:
- Red Hat Enterprise Linux: In
addition to providing OpenSCAP as a system administration tool,
OpenSCAP has been integrated directly into the Red Hat Enterprise
Linux installer. Systems can now operate in continuous security
compliance from deployment through the end of their lifecycle.
- Red Hat Satellite: Lifecycle
management for Red Hat Enterprise Linux-based hosts, including
enterprise configuration and vulnerability scanning.
- Red Hat CloudForms: Red Hat’s
award-winning hybrid cloud management platform, offering security
insight across cloud deployments.
- Atomic Scan: Delivered as part
of Red Hat Enterprise Linux Atomic Host, Atomic Scan is the first
NIST-certified configuration and vulnerability scanner for Linux
Containers. Atomic Scan is capable of scanning container
registries, even when containers are offline, using container
introspection.
- SCAP Workbench: A graphical
utility built for system administrators and security officers to
more easily tailor and customize SCAP-based security profiles,
without requiring in-depth knowledge of the underlying SCAP
standards.
In addition to natively providing OpenSCAP tooling in Red Hat
Enterprise Linux and associated system management offerings, Red
Hat provides the underlying development libraries for OpenSCAP.
With these libraries, independent software vendors (ISVs) can embed
NIST-certified configuration and vulnerability scanning into their
applications built for Red Hat Enterprise Linux, extending these
capabilities across bare metal, virtualized, and container
deployments.
Security automation content, consumable by OpenSCAP and other
SCAP-certified tools, is provided through the SCAP Security Guide
package. Security compliance profiles are included in both Red Hat
Enterprise Linux 6 and 7 for standards such as the Department of
Defense Security Technical Implementation Guide (STIG), PCI
compliance, and FBI Criminal Justice Information Systems
(CJIS).
Supporting Quotes
David Egts, chief technologist, Public Sector, Red Hat
“Continuous, repeatable scanning processes are key to keeping
modern, increasingly-complex computing environments more secure and
safe, and open standards help to make these processes achievable.
NIST’s new certification of OpenSCAP on the world’s leading
enterprise Linux platform provides a flexible, powerful SCAP
scanner built on open standards, making it easier for agencies and
other organizations to add verifiable, repeatable security scanning
to their repertoires.”
Alex Johns, security analyst, COACT, Inc.
“Red Hat’s OpenSCAP
technology is a proven asset for organizations that must utilize a
validated scanner to meet their security and compliance needs.
OpenSCAP met all of the applicable SCAP 1.2 testing requirements
and correctly implemented the features and functions available
through SCAP for the Red Hat Enterprise Linux 6 32-bit, Red Hat
Enterprise Linux 6 64-bit, and Red Hat Enterprise Linux 7 64-bit
platforms. It was a pleasure working with such a proactive
development team throughout the validation process.”
About Red Hat, Inc.
Red Hat is the world's leading provider of open source software
solutions, using a community-powered approach to provide reliable
and high-performing cloud, Linux, middleware, storage and
virtualization technologies. Red Hat also offers award-winning
support, training, and consulting services. As a connective hub in
a global network of enterprises, partners, and open source
communities, Red Hat helps create relevant, innovative technologies
that liberate resources for growth and prepare customers for the
future of IT. Learn more at http://www.redhat.com.
Forward-Looking Statements
Certain statements contained in this press release may
constitute "forward-looking statements" within the meaning of the
Private Securities Litigation Reform Act of 1995. Forward-looking
statements provide current expectations of future events based on
certain assumptions and include any statement that does not
directly relate to any historical or current fact. Actual results
may differ materially from those indicated by such forward-looking
statements as a result of various important factors, including:
risks related to the ability of the Company to compete effectively;
the ability to deliver and stimulate demand for new products and
technological innovations on a timely basis; delays or reductions
in information technology spending; the integration of acquisitions
and the ability to market successfully acquired technologies and
products; fluctuations in exchange rates; the effects of industry
consolidation; uncertainty and adverse results in litigation and
related settlements; the inability to adequately protect Company
intellectual property and the potential for infringement or breach
of license claims of or relating to third party intellectual
property; risks related to data and information security
vulnerabilities; the ability to meet financial and operational
challenges encountered in our international operations; ineffective
management of, and control over, the Company's growth and
international operations; and changes in and a dependence on key
personnel, as well as other factors contained in our most recent
Quarterly Report on Form 10-Q (copies of which may be accessed
through the Securities and Exchange Commission's website at
http://www.sec.gov), including those found therein under the
captions "Risk Factors" and "Management's Discussion and Analysis
of Financial Condition and Results of Operations". In addition to
these factors, actual future performance, outcomes, and results may
differ materially because of more general factors including
(without limitation) general industry and market conditions and
growth rates, economic and political conditions, governmental and
public policy changes and the impact of natural disasters such as
earthquakes and floods. The forward-looking statements included in
this press release represent the Company's views as of the date of
this press release and these views could change. However, while the
Company may elect to update these forward-looking statements at
some point in the future, the Company specifically disclaims any
obligation to do so. These forward-looking statements should not be
relied upon as representing the Company's views as of any date
subsequent to the date of this press release.
Red Hat, Red Hat Enterprise Linux, the
Shadowman logo, Red Hat Satellite and CloudForms are trademarks or
registered trademarks of Red Hat, Inc. or its subsidiaries in the
U.S. and other countries. Linux® is the registered trademark of
Linus Torvalds in the U.S. and other countries.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170317005357/en/
Red Hat, Inc.
John Terrill, +1-571-421-8132
jterrill@redhat.com