Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


OpenSCAP can be used to check security configuration settings of a system, and examine the system for signs of a compromise by using rules based on standards and specifications.


OpenSCAP can be used for both, Bahmni’s on-prem installations as well as Docker based installations. In both the cases OpenSCAP will scan the base Operating System running Bahmni

OpenSCAP uses SCAP which is a line of specifications maintained by the NIST. SCAP was created to provide a standardized approach for maintaining system security. New specifications are governed by NIST’s SCAP Release cycle in order to provide a consistent and repeatable revision workflow. OpenSCAP mainly processes the XCCDF which is a standard way of expressing a checklist content and defines security checklists. It also combines with other specifications such as CPE, CCE and OVAL to create a SCAP-expressed checklist that can be processed by SCAP-validated products.