Thank you for the detailed explanation, Jan. I will discuss this with my team here and will get back to you.

Regards,
Bharath M

-----Original Message-----
From: Jan Cerny [mailto:jce...@redhat.com]
Sent: Thursday, February 09, 2017 1:55 PM
To: Mohanraj, Bharath
Cc: open-scap-list@redhat.com
Subject: Re: [Open-scap] Open SCAP for Windows

Hi Bharath,

We're very pleased that you're interested in OpenSCAP project. Indeed, OpenSCAP is a great tool for evaluating compliance with a given security policy for bare-metal machines, virtual machines and also containers. Actually, OpenSCAP was designed to be able to integrate with other products, and it already is integrated with system management solutions like ManageIQ, Red Hat Satellite, and Project Atomic.

I will try to answer your questions.

ad 1) Define a security policy (SCAP Content):

First of all, I'd like to mention that our project "SCAP Security Guide" [1] provides tested and verified SCAP Content for various systems. It implements popular security benchmarks like PCI-DSS, STIG or USGCB. Windows is not currently supported by SCAP Security Guide, but that's just because nobody started implementing it. It's an open-source project, so any contributions are welcome :-)

Secondly, if the content provided by "SCAP Security Guide" doesn't exactly fit user's needs, it can be easily customized by a GUI tool called SCAP Workbench.

Also, we in OpenSCAP strongly focus on compliance with SCAP standards as defined by specification. That means OpenSCAP is able to evaluate any SCAP content that you can obtain from third-party sources (there are many available) or create yourself.

Unfortunately, we don't provide any "SCAP editor" that would enable to create security policies from scratch for people with any knowledge of respective SCAP standards. That's mainly because of complexity of the standards, so people rather prefer to have SCAP content written by security experts than spending weeks by struggling with SCAP languages.
ad 2) Scan a Windows machine:

We can't scan Windows machines now, because we don't have implemented Windows checks yet. Fortunately, our developer Raphael Sanchez Prudencio started to work on Windows scanning last week. He is in design phase now, and he has started a discussion on the mailing list recently [2]. If you have any comments or if you are able to help him somehow, please don't hesitate to contact him.

ad 3) Get the results from Open SCAP on whether the Windows machine is compliant

This requirement obviously needs to have Windows scanning implemented first :-) as I mentioned above. On Linux, it is possible to get the results either in machine-readable form of XML documents or as a very nice detailed HTML report that user can display in his web browser. If Windows will be supported in future, reporting should work in the same way as on Linux.

[1] https://www.open-scap.org/security-policies/scap-security-guide/
[2] https://www.redhat.com/archives/open-scap-list/2017-February/msg00001.html

I hope that I helped you a little and I'm looking forward to hearing from you again.

Best regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Bharath Mohanraj" <bharath_mohanraj...@bmc.com>
> To: open-scap-list@redhat.com
> Sent: Wednesday, February 8, 2017 7:34:19 AM
> Subject: [Open-scap] Open SCAP for Windows
>
> Hi Team,
>
> I work for a client management product, and I see Open SCAP to be a promising
> solution for validating compliance of machines based on a defined policy.
>
> I’m more interested in making use of Open SCAP in the product I work for, but
> however I need some assistance from you.
>
> Please let me know if this can be achieved,
>
> - Define a security policy (SCAP Content)
> - Scan a Windows machine
> - Get the results from Open SCAP on whether the Windows machine is compliant
>
> Please let me know if this can be achieved.
>
> Regards,
> Bharath M

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
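
Added example, not part of the thread and not OpenSCAP project code: how a management product could consume the machine-readable XML results mentioned under "ad 3" and reduce them to a compliant / not compliant verdict. It assumes an XCCDF 1.2 results document of the kind `oscap xccdf eval --results` writes; the sample document, its rule ids and the verdict policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 XML namespace

# Constructed sample results document; ids, target and score are made up.
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <TestResult id="xccdf_org.example_testresult_demo">
    <target>host1.example.com</target>
    <rule-result idref="xccdf_org.example_rule_password_min_len"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_firewall_enabled"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_audit_enabled"><result>error</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_legacy_service"><result>notselected</result></rule-result>
    <score system="urn:xccdf:scoring:default" maximum="100">33.33</score>
  </TestResult>
</Benchmark>"""

# Assumed policy: a rule that failed, or whose check could not be evaluated,
# makes the machine non-compliant. notselected/notapplicable rules are ignored.
NON_COMPLIANT = {"fail", "error", "unknown"}

def summarize(xml_text):
    """Reduce an XCCDF 1.2 results document to counts, failing rules and a verdict."""
    root = ET.fromstring(xml_text)
    # TestResult can be the document root or nested inside a Benchmark.
    test_result = next(root.iter(f"{{{XCCDF}}}TestResult"), None)
    if test_result is None:
        raise ValueError("no XCCDF 1.2 TestResult element found")
    counts, failing = Counter(), []
    for rr in test_result.findall(f"{{{XCCDF}}}rule-result"):
        # A rule-result without a <result> child is treated as "unknown".
        outcome = (rr.findtext(f"{{{XCCDF}}}result") or "unknown").strip()
        counts[outcome] += 1
        if outcome in NON_COMPLIANT:
            failing.append((rr.get("idref"), outcome))
    score = test_result.findtext(f"{{{XCCDF}}}score")
    evaluated_ok = counts.get("pass", 0) + counts.get("fixed", 0)
    return {
        "target": test_result.findtext(f"{{{XCCDF}}}target"),
        "counts": dict(counts),
        "failing": failing,
        "score": float(score) if score else None,
        # An empty scan (nothing passed) is not reported as compliant.
        "compliant": not failing and evaluated_ok > 0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_RESULTS))
```

Treating `error` and `unknown` as non-compliant keeps a scan whose checks could not run from being reported as a clean machine.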