SCAP comes from the United States government but as many government standards it is useful even outside government circles. Several trade associations have adopted SCAP as the tool to describe security policies.
Compliance policy for organizations that handle credit and debit cards payment processing from major payment card systems — VISA, MasterCard, American Express, Discover, JCB and UnionPay.
The policy comes from a set of high-level control objectives:
Each of these high-level objectives are divided into a set of requirements. The PCI-DSS policy is a prose document outlining all the requirements. These are operating system and vendor neutral, and subject to interpretation.
SCAP content specialists from the SCAP Security Guide project take these requirements and map them to the operating system — mainly Red Hat Enterprise Linux — and services running on it. The requirements change from being abstract and subject to interpretation to concrete specific rules. This means that there are multiple ways to be PCI-DSS compliant but the SCAP Security Guide project is focused on one recommended way suitable for RHEL.
The first of its kind in the industry, Red Hat’s Certified Public Cloud Provider Program provides partners with access to a comprehensive family of Red Hat software and solutions to build out a cloud infrastructure. The program includes services that are designed to build the foundation for your Red Hat offerings and to quickly start delivering Red Hat solutions on your cloud. Read more at redhat.com.
The CCP policy is designed to make your cloud provider infrastructure ready for the Red Hat Certified Public Cloud Provider Program.