Making STIG Automation Possible: A Technical Deep Dive

March 19, 2015 by Justin Nemmers

Untitled_designAnsible architect and craft beer connoisseur Jonathan Davila played a critical role in working with our trusted security partner MindPoint Group to get our joint automated security baseline project off the ground. With our release this week of the DISA STIG for RHEL 6, we’ve immediately improved the lives of Government IT admins that struggle to ensure their systems are compliant.

Merely building the Ansible role for Red Hat Enterprise Linux 6 (And CentOS variants) STIG required more than writing and organizing a collection of playbooks. In order to ensure that the role actually achieved the remediation goal, we needed to validate and verify updates through a continuous integration testing process that leverages the DISA-provided SCAP/OVAL definitions.

You can learn more about the mechanics of how Jonathan and the MindPoint Group built the STIG Role, along with technical details about how to replicate this testing method in your own environment here.

Want to learn more about the how and why? Jonathan also penned a LinkedIn article with his own thoughts about why this is an important step in the right direction for any IT organization that’s concerned about automagically applying and validating security baselines.

Learn more about automated baseline testing.
Read about why Jonathan’s excited about this here.



Justin Nemmers

Justin is the Ansible Product Owner at Ansible by Red Hat. He has spent a career helping organizations transform their IT environments by adopting new, and better making better use of existing technologies. Over his career, he has held both technical, sales, marketing and product leadership roles at a number of organizations, including Red Hat, where he ran a large services team. He resides in Raleigh, NC with his wife and children and tweets from @justnems.

rss-icon  RSS Feed

Ansible Tower by Red Hat
Ansible In-Depth Whitepaper
Ansible Tower by Red Hat
Learn About Ansible Tower