Automating DISA STIG Compliance: RHEL 9 Hardening Pipeline with Ansible & OpenSCAP
Manual security hardening is tedious and error-prone. In this video, I demonstrate a fully automated Infrastructure as Code (IaC) pipeline that provisions, audits, and remediates a Red Hat Enterprise Linux 9 server to meet strict DoD DISA STIG standards.
🚀 *Project Overview:*
I built a 5-stage Ansible pipeline that:
1. Provisions a web server (Apache/httpd).
2. Performs a baseline security audit using OpenSCAP (finding 90+ high-severity vulnerabilities).
3. Automatically remediates those vulnerabilities using the 'ansible-lockdown' role.
4. Restores service availability (fixing the common "lockdown breaks the app" issue).
5. Verifies compliance with a final audit report.
🛠️ *Tech Stack:*
*Automation:* Ansible Core & Playbooks
*OS:* RHEL 9
*Compliance:* OpenSCAP, DISA STIG Profile, NIST 800-53
*Scripting:* Bash & YAML
📂 *Get the Code:*
Check out the full repository and playbooks on my GitHub: [https://github.com/TherealvictorIT/NIST-Ha...]
#GovTech #Ansible #RHEL9 #CyberSecurity #DevSecOps #RHCE #SysAdmin #NIST