There is no need to be an expert in security to deploy a security policy. You don’t even need to learn the SCAP standard to write a security policy. Many security policies are available online in the standardized form of SCAP checklists.
Unfortunately, there is no universal security policy that could be applied everywhere; each organization has different needs and different security requirements. Before applying a security policy, it is necessary to think about your needs and go through the available offerings.
This page will give you a brief overview of commonly used security policies.
From a high-level point of view, a good security policy should balance security risk against your business’s needs. A security policy should be written in a proactive way: it shouldn’t describe what is forbidden, but instead what should be done, and how to do it. It is best to implement a security policy using SCAP documents, for ease of automation. A security policy must incorporate any mandatory government and industry requirements, and should be regularly updated and maintained.
The SCAP Security Guide is not just one security policy, but a whole collection of them. For each platform, there are several profiles which provide security policies implemented according to security baselines. You can view the guide by clicking the respective platform.
Other profiles can be derived from existing profiles using the SCAP Workbench. For more information, please see
Guides to the secure configuration of the following platforms, with the following profiles, are currently available: Fedora Linux, Red Hat Enterprise Linux 8
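To show what deriving one profile from another means in practice, the following added example (not code from this page or from the SCAP Security Guide project) resolves the rule set a derived XCCDF profile actually selects by following its `extends` attribute. The benchmark, profile and rule ids are constructed, and keeping the derived profile inside the benchmark instead of a separate tailoring file is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed, minimal sample (not schema-complete): one base profile and one
# profile derived from it that drops one rule and adds another.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Profile id="xccdf_example_profile_base">
    <title>Base</title>
    <select idref="xccdf_example_rule_sshd_disable_root" selected="true"/>
    <select idref="xccdf_example_rule_audit_enabled" selected="true"/>
  </Profile>
  <Profile id="xccdf_example_profile_custom" extends="xccdf_example_profile_base">
    <title>Custom</title>
    <select idref="xccdf_example_rule_audit_enabled" selected="false"/>
    <select idref="xccdf_example_rule_firewall_on" selected="true"/>
  </Profile>
  <Rule id="xccdf_example_rule_sshd_disable_root" selected="false"/>
  <Rule id="xccdf_example_rule_audit_enabled" selected="false"/>
  <Rule id="xccdf_example_rule_firewall_on" selected="false"/>
  <Rule id="xccdf_example_rule_always_on" selected="true"/>
</Benchmark>"""

def effective_rules(xml_text, profile_id):
    """Return the sorted rule ids a profile selects, following 'extends'."""
    root = ET.fromstring(xml_text)  # parse trusted content only
    profiles = {p.get("id"): p for p in root.iter(XCCDF + "Profile")}
    # Start from each rule's own default ('selected' defaults to true in XCCDF).
    state = {r.get("id"): r.get("selected", "true") in ("true", "1")
             for r in root.iter(XCCDF + "Rule")}
    # Build the inheritance chain, base first; reject unknown ids and loops.
    chain, seen, current = [], set(), profile_id
    while current is not None:
        if current not in profiles:
            raise KeyError(f"unknown profile: {current}")
        if current in seen:
            raise ValueError(f"circular extends at: {current}")
        seen.add(current)
        chain.insert(0, profiles[current])
        current = profiles[current].get("extends")
    for profile in chain:  # selections in derived profiles override the base
        for sel in profile.findall(XCCDF + "select"):
            ref = sel.get("idref")
            if ref not in state:  # this sketch handles Rule ids only, not Groups
                raise KeyError(f"select refers to unknown rule: {ref}")
            state[ref] = sel.get("selected") in ("true", "1")
    return sorted(rule for rule, on in state.items() if on)

if __name__ == "__main__":
    print(effective_rules(SAMPLE, "xccdf_example_profile_custom"))
```

Comparing the output for the base and the derived profile shows exactly which checks a customization removed, which is worth reviewing before a derived profile is used for compliance scanning.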