On 12/1/17 9:34 PM, Beth Lynn Eicher wrote:
>
> Greetings,
>
> I am excited to be involved in the OpenSCAP community as a security
> specialist. My research as a hopeful grant recipient of the Department
> of Energy Small Business Innovation Research program drives me to
> contribute to OpenSCAP. My topic of research is how to secure a High
> Performance Computing ecosystem and I am convinced that OpenSCAP is
> the way to go. After attending the OpenSCAP tutorial at the USENIX
> Large Installation System Administrator conference under the diversity
> scholarship, I could not be more convinced of OpenSCAP’s capabilities
> of automating at scale the monumental task of securing a supercomputer.
>
> I have worked as a system administrator in research computing for over
> 17 years. At times it was my responsibility as a subject matter expert
> to bring one component of this ecosystem to compliance. The work was
> often tedious with manual configuration verification and penetration
> testing. I have tried CIS-CAT but I found the scripts inflexible. The
> inability of CIS-CAT to port your own security plan goes against my
> personal preference of freedom. I applaud Red Hat for sponsoring a
> superior solution.
>
> In full disclosure, I have always been a fan of Red Hat and I am an
> active Fedora Project contributor. FAS:bethlynn
>
> Thank you very much for allowing me to introduce myself. I’m very much
> looking forward to working with OpenSCAP.
>

Welcome! A few years ago Lockheed Martin presented at Red Hat Summit
about their use of SCAP on the DoD Centralized Super Facility. It's a
cross-domain supercomputer for U.S. Intelligence processing. Their story
begins on page 40:
https://shawnwells.io/wp-content/uploads/2015-06-25-Summit-Security-Compliance-Made-Easier.pdf

LMCO also received government approval to open source their RHEL6 baseline:
https://github.com/OpenSCAP/scap-security-guide/blob/master/rhel6/profiles/CSCF-RHEL6-MLS.xml

Their work with the CNSSI 1253 overlays was incorporated into RHEL7 as well:
https://github.com/OpenSCAP/scap-security-guide/blob/master/rhel7/profiles/ospp-rhel7.xml#L11

Sometimes we still hear "security slows my processing," or the dreaded
"we turn SELinux off for performance." Helping the community understand
what you've seen for HPC systems, or broadly what impact security
settings have on performance-based systems, would be a very valuable
contribution.
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
