BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Posts Tagged ‘SCAP’

SCAPblog-img2

Going Beyond SCAP for Benchmark Compliance

Posted February 24, 2014    Morey Haber

SCAP configuration compliance assessments, commonly referred to as “Benchmark” assessments, are traditionally cumbersome tasks when multiple benchmarks have to be tested against multiple targets at the same time. For the vast majority of SCAP-certified tools, this means executing one benchmark at a time against a valid host(s) and reviewing the results. The same targets often…

Tags:
, , , , , ,
retinacs-img9

Creating a Gold Image SCAP Template for Windows

Posted March 21, 2013    Bill Tillson

One of the challenges of Benchmark Configuration management is creating or modifying SCAP OVAL content to match your business policies and requirements. The following procedure is recommended to create custom Windows benchmarks for the Retina Network Security Scanner and Retina CS via local system policy, Local GPO, and Microsoft Security and Compliance Manager. For starters,…

Tags:
, , , ,
img-mobile

A Basic Guide to SCAP

Posted March 24, 2011    Morey Haber

The Security Content Automation Protocol (SCAP, pronounced S-cap) is a suite of open standards that when referenced together, deliver an automated vulnerability management, measurement, and policy compliance evaluation for network assets. The first version of the suite specification focused on standardizing communication of endpoint related data and to provide a standardized approach to maintaining the…

Tags:
, ,
sticky

Automating Configuration Auditing

Posted March 15, 2011    Morey Haber

????????I want to discuss a rather simple use case with my readers that until recently, had a rather complex solution. Consider you are a major airline, corporation, or even a local government with thousands of systems that should be identical from a configuration perspective. These could be airline check-in kiosks, a call center handling support calls,…

Tags:
, , , , , , , , ,

Too Many Regulatory Standards, Only One Tool Please

Posted November 12, 2010    Morey Haber

About every two years, I indulge myself with a new laptop. This time, I waited almost three years and will be retiring my old Dell XPS M1330 for a new Alienware M15x. I wanted raw horsepower for virtual machines in a laptop format and was not as concerned about battery life (since I carry an…

Tags:
, , , , , , , , , , , , , , , , ,

Benchmarks as a Point of Reference

Posted November 3, 2010    Morey Haber

I have been reading Stephen Hawking’s new book, “The Grand Design” and am completely stunned by the analogies he uses to simplify perception, measurements, and even quantum physics. This book is not light reading and has had me looking up terms using old college textbooks and Google multiple times. The one thing that fascinates me…

Tags:
, , , , , , , ,