Brussels / 1 & 2 February 2020


Compliance management with OpenSCAP and Ansible

Using OpenSCAP and Ansible for compliance management of large computing environments

Managing compliance of large IT environment is complex and challenging task. Today's hybrid cloud environments are having different life cycles, when considering many short lived system like cloud instances its difficult to manage compliance on the go. This talk focuses on how OpenSCAP policies, tools and Ansible can be used to have greater control of compliance of large environments.

Compliance management with OpenSCAP

Enterprise computing environments may consist of thousands of computer systems, having multiple applications and services. These systems are accessed by large and diverse set of users and applications. To have a greater control over security of these vast environments a standard and unified way to scan systems for compliance with security policies is needed.

This talk focuses on using SCAP tools to retain control over large environments, scan compliance with desired policy, and use Ansible to remediate detected problems,

Install and use the SCAP Security Guide.
Evaluate a server's compliance with the requirements specified by a policy from the SCAP Security Guide using OpenSCAP tools.
Create a tailoring file to adjust the policy's security checks so that they’re relevant and correct for a specific system and its use case. 
Run Ansible Playbooks, included in the SCAP Security Guide, to remediate compliance checks that failed an OpenSCAP scan.


Amit Upadhye