Building Security Certifications Into Your Image Builder Blueprint
Red Hat News, Tuesday, July 18, 2023
I imagine I am not the only systems administrator who struggled with driving security compliance across a disparate fleet of Linux systems. It took up hours of administrative time and often required interaction with a third-party auditor to validate the results.
Let's talk about the multiplication here: You may have a batch of systems that handle payment processing, so they are required to comply with the rules for PCI-DSS. You may have another set of systems that handle your patients' medical records, which would fall under the purview of HIPAA. Many of these certifications require compliance on over a hundred points. Multiply that by dozens of systems in each environment, and multiply that again by multiple environments (dev, prod, etc.), and now you have thousands of line items that need to be reviewed every quarter.
For me, that took the form of an Excel spreadsheet where each sheet represented an individual server. I can't tell you how often my laptop would lock up because Excel would crash trying to load all the data! I will show you how those spreadsheets and hours of toil can now be a practice of the past. To do so, we'll need the Red Hat Enterprise Linux image builder and an OpenSCAP profile.