More about OpenSCAP profiles
So now you're saying, "Okay, this is all good, but how do I find out what's in these profiles and which one I need?" Well, there are several ways.
The first way, which I've just shown you, is to install the SCAP Workbench on a machine with a desktop interface and read through the descriptions of all the rules for each profile.
The second way, which might be a bit easier, is to go to the OpenSCAP website and look through the documentation that they have there.
Note
You'll find information about the available OpenSCAP profiles at https://www.open-scap.org/security-policies/choosing-policy/.
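The rule descriptions that SCAP Workbench displays come from the XCCDF content it loads, where each profile is a `Profile` element whose `select` entries name the rules it enables. As an added example (not from the original text), this Python script lists every profile and its selected rules on a machine without a desktop; the XML is a constructed miniature and all ids and titles in it are made up for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace
Q = {"x": NS}

# Constructed sample; real SCAP content has the same shape but hundreds of rules.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Profile id="xccdf_example_profile_pci-dss">
    <title>PCI-DSS (constructed sample)</title>
    <description>Constructed text: baseline for
      systems that handle card payments.</description>
    <select idref="xccdf_example_rule_audit_enabled" selected="true"/>
    <select idref="xccdf_example_rule_no_empty_passwords" selected="true"/>
    <select idref="xccdf_example_rule_fips_mode" selected="false"/>
  </Profile>
  <Profile id="xccdf_example_profile_stig">
    <title>STIG (constructed sample)</title>
    <description>Constructed text: government baseline.</description>
    <select idref="xccdf_example_rule_fips_mode" selected="true"/>
  </Profile>
  <Group id="xccdf_example_group_system">
    <Rule id="xccdf_example_rule_audit_enabled"><title>Enable auditd</title></Rule>
    <Rule id="xccdf_example_rule_no_empty_passwords"><title>No empty passwords</title></Rule>
    <Rule id="xccdf_example_rule_fips_mode"><title>Enable FIPS mode</title></Rule>
  </Group>
</Benchmark>"""

def list_profiles(xml_text):
    """Map profile id -> title, description and (rule id, rule title) pairs.

    Only rules selected directly in the profile are listed; a profile that
    uses the 'extends' attribute also inherits selections not resolved here.
    Parse only content from a trusted source (for example, a distro package).
    """
    root = ET.fromstring(xml_text)
    # iter() searches the whole tree, so rules nested inside groups are found.
    titles = {r.get("id"): r.findtext("x:title", "", Q) for r in root.iter(f"{{{NS}}}Rule")}
    profiles = {}
    for p in root.iter(f"{{{NS}}}Profile"):
        chosen = [s.get("idref") for s in p.findall("x:select", Q) if s.get("selected") == "true"]
        profiles[p.get("id")] = {
            "title": p.findtext("x:title", "", Q),
            "description": " ".join(p.findtext("x:description", "", Q).split()),
            "rules": [(rid, titles.get(rid, "(title not in file)")) for rid in chosen],
        }
    return profiles

if __name__ == "__main__":
    for pid, info in list_profiles(SAMPLE).items():
        print(f"{pid}: {info['title']} ({len(info['rules'])} rules selected)")
        for rid, title in info["rules"]:
            print(f"    {title}  [{rid}]")
```

To inspect real content, pass `list_profiles` the text of the XCCDF file that you loaded into the Workbench instead of `SAMPLE`.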
As far as knowing which profile to choose, there are a few things to consider:
- If you work in the financial sector or in a business that does online financial transactions, then go with the `pci-dss` profile.
- If you work for a government agency, especially if it's the U.S. government, then go with either the `stig` profile or the `nispom` profile, as dictated by the particular agency.
- If...