SHADOW-SOFT AND CHEF PARTNER TO CREATE A COMPLIANCE PROFILE THAT HELPS CUSTOMERS QUICKLY EVALUATE THEIR SECURITY POSTURE
Chef is a leader in Continuous Automation software and one of the earliest practitioners and advocates of the DevOps movement. Chef works with the most innovative companies around the world to deliver their vision of digital transformation, providing the practices and platform to deliver software at velocity.
Chef needed a partner with domain expertise and a history of success.
Chef received a number of requests from customers for a STIG compliance profile with associated meta profiles. Chef wanted to create this profile to add value to their Chef InSpec product offering.
This project involved converting STIG SCAP Data via InSpec SCAP and filling in the holes that SCAP content has. Chef needed a partner that had domain expertise across Chef, InSpec, Security, and STIGs.
The Chef team had been impressed by Shadow-Soft’s recent Chef work, and saw the company as a thought leader in the industry. Shadow-Soft’s unique insight and domain expertise made it an appealing partner company to work with on this project.
Shadow-Soft helped Chef create a compliance profile that could be used to evaluate security posture as referenced in DISA’s RHEL 6 STIG.
Shadow-Soft was tasked with interpreting preexisting STIG content and turning it into an automated STIG Compliance profile. The STIG was chosen because it is the standard security profile used by the DoD and often adopted by commercial enterprises.
The Shadow-Soft consulting team developed a compliance profile with associated meta profiles to represent the nine security levels of the RHEL 6 STIG.
After a thorough round of testing and validation to ensure it met security standards, the end product was a ready-to-go compliance profile for the RHEL 6 STIG.
Chef customers can now use this new product to run compliance scans on their environments and quickly report on the security posture of their systems. With this enhancement to Chef InSpec, customers can use Chef Automate and InSpec in more ways than ever.
Here are a few benefits to Chef’s end-customers:
- CIOs can automatically check real time security posture for the entire fleet every fifteen minutes.
- Information Assurance professionals can focus less on administrative tasks and more on their real job – stopping security threats.
- Conversion of STIG SCAP Data to InSpec
- Clean-up of the individual controls to adhere to Shadow-Soft best practices
- Creation of meta profiles to represent the nine security levels of the STIG
- Testing and validation of STIG profiles and meta profile inheritance
- One compliance profile with associated meta profiles for the RHEL 6 STIG