...
OpenSCAP can be used to check security configuration settings of a system, and examine the system for signs of a compromise by using rules based on standards and specifications.
| Info |
|---|
OpenSCAP can be used for both, Bahmni’s on-prem installations as well as Docker based installations. In both the cases OpenSCAP will scan the base Operating System running Bahmni |
OpenSCAP uses SCAP which is a line of specifications maintained by the NIST. SCAP was created to provide a standardized approach for maintaining system security. New specifications are governed by NIST’s SCAP Release cycle in order to provide a consistent and repeatable revision workflow. OpenSCAP mainly processes the XCCDF which is a standard way of expressing a checklist content and defines security checklists. It also combines with other specifications such as CPE, CCE and OVAL to create a SCAP-expressed checklist that can be processed by SCAP-validated products.
...