Šimon Lukašík

GoComply with OSCAL & FedRAMP :: Introduction to fedramp

Mon, 13 Dec 2021 00:00:00 +0000

This is the fifth and final post of the GoComply series that introduces open source pipeline to produce and process OSCAL and FedRAMP documents. If You want to achieve continuous compliance at the lowest possible cost, GoComply project is here to help. With GoComply, You will rely on open source tooling and your data will be stored in standardized formats and thus you will have a enough head room and knee room to achieve your organizational goals.

GoComply with OSCAL & FedRAMP :: Introduction to metaschema

Sat, 12 Dec 2020 00:00:00 +0000

This is the fourth post of the GoComply series that introduces open source pipeline to produce and process OSCAL and FedRAMP documents. If You want to achieve continuous compliance at the lowest possible cost, GoComply project is here to help. With GoComply, You will rely on open source tooling and your data will be stored in standardized formats and thus you will have a enough head room and knee room to achieve your organizational goals.

GoComply with OSCAL & FedRAMP :: Introduction to oscalkit

Fri, 11 Dec 2020 00:00:00 +0000

This is the third post of the GoComply series that introduces open source pipeline to produce and process OSCAL and FedRAMP documents. If You want to achieve continuous compliance at the lowest possible cost, GoComply project is here to help. With GoComply, You will rely on open source tooling and your data will be stored in standardized formats and thus you will have a enough head room and knee room to achieve your organizational goals.

GoComply with OSCAL & FedRAMP :: Introduction to OSCAL

Thu, 10 Dec 2020 00:00:00 +0000

This is the second post of the GoComply series that introduces open source pipeline to produce and process OSCAL and FedRAMP documents. If You want to achieve continuous compliance at the lowest possible cost, GoComply project is here to help. With GoComply, You will rely on open source tooling and your data will be stored in standardized formats and thus you will have a enough head room and knee room to achieve your organizational goals.

GoComply with OSCAL & FedRAMP :: Introduction to OpenControl

Tue, 08 Dec 2020 00:00:00 +0000

This is the first post of the GoComply series that introduces open source pipeline to produce and process OSCAL and FedRAMP documents. If You want to achieve continuous compliance at the lowest possible cost, GoComply project is here to help. With GoComply, You will rely on open source tooling and your data will be stored in standardized formats and thus you will have a enough head room and knee room to achieve your organizational goals.

Red Hat adopts ROLIE protocol for automated exchange of security compliance assets

Wed, 30 Sep 2020 00:00:00 +0000

Red Hat Blog has today published my post about Rolie protocol and its open source implementation Golie.

https://www.redhat.com/en/blog/red-hat-adopts-rolie-protocol-automated-exchange-security-compliance-assets

I hope you enjoy the reading. Feel free to follow up on https://gitter.im/GoComply/community

Vulnerability scanning in disconnected environments

Mon, 29 Jun 2020 00:00:00 +0000

In this post we will learn how to instruct OpenSCAP to build us a DataStream that does vulnerability scanning and yet it does not require internet connection to fetch the latest vulnerability feed.

Introduction to remote references in SCAP

An XCCDF file may contain references to remote content. That is useful in cases when we want scanners to fetch content from the remote location every time the scan is run. This may be beneficial in cases when the referenced context changes often and we always want to use the latest greatest version for scanning. Widely used example is vulnerability scanning. Consider the following snippet (or similar) that is part of any Red Hat Enterprise Linux guidance.

XSD2Go - Automatically generate golang xml parsers

Sat, 30 May 2020 00:00:00 +0000

Did you ever need to write XML parser from scratch? You can have a parser ready in few minutes! Let me introduce you to xsd2go.

Why bother?

Most of my readers will probably have an experience with the wide spread XML applications like RSS or Atom feeds, SVG, XHTML. For those well known XML applications you will find good library encapsulating the parsing for you. You just include existing parser in your project and you are done with it. However, what would you do if you cannot use it (think of license mismatch), or what would you do if there was no parsing library at all?

Steps to set-up Yubikey authentication to FreeIPA

Mon, 25 Nov 2019 00:00:00 +0000

This post presents happy path (or reference architecture). The aim is to provide reproducible steps to configure functioning smart card environment.

There are multiple ways to set-up smart card authentication. Configuration varies based on factors like

the CA that signs keys on smart cards
properties of CN (Common Name) that are required
identity mapping rules (how to translate CN from smart card to identity)
versions of client & server stack

This blog post gives concrete steps on how to set-up FreeIPA 4.6.6 (Red Hat Identity Management) server for authentication with yubikey smart card.

How to debug Smart Card authentication client

Mon, 18 Nov 2019 00:00:00 +0000

Dummy intro to smart card authentication

Smart card authentication is just like authentication with certificates and private keys (X509, PKI). The difference is that instead of fetching your private key and certificate from the disk, you let smart card do the cryptographic operations for you and private key never leaves the card. Special protocols are used on the client to allow communication between browser and the smart card.

Setting things can be difficult

Smart card authentication over HTTPS may be challenging thing to deploy. Especially, for newcomers. At one step You have to set-up all the components properly.