Automated Linux Secure Host Baseline for Real-Time Applications Requiring SCAP Compliance

Abstract

With the emergence of Linux real-time applications and the ever-growing cyber security requirements being imposed on those systems in high security environments, a need has developed for an automated and quantitative approach for developing a solution. The development and mandate for a Department of Defense Windows Secure Host Baseline has provided a framework for how to approach an equivalent Linux Secure Host Baseline. However, a method for automating a cyber security compliant Linux distribution with real-time capability has not yet been created. Utilizing National Institute of Standards and Technology (NIST) approved tools and security guidelines (DISA STIG), this work has produced an automated Linux distribution capable of performing real-time functions with a 96.15% security compliance performance metric. The compliance deficiencies have been addressed to a satisfactory level based on their context. The promising results show that this approach can be utilized by other organizations for Linux real-time application development and deployment with customized environments specific to their needs while maintaining a high level of security posture. The methodology proposed provides a template for designing, customizing, and maintaining the solution.