Some terminology to know:

- ISO: International Organization for Standardization
- NIST: National Institute of Standards and Technology
- FIPS: Federal Information Processing Standards, for use in non-military government computer systems; developed by NIST
  - FIPS 140: series of cryptographic standards for DoD systems
- DISA: Defense Information Systems Agency
- STIG: Security Technical Implementation Guide
  - a specific and detailed rubric for measuring the security of computer systems
  - compare it to your current configuration, then remediate until you achieve compliance
  - there are lots of different STIGs, produced by different agencies; the DISA STIG is the one most of interest here
- Nessus: an app that can scan your computers for STIG compliance (network-based)
- SCAP: Security Content Automation Protocol
- OpenSCAP: sort of like Nessus, but will also (attempt to) generate scripts for you to run to remediate your systems
  - open-source
  - not forked or cloned from Nessus! different codebase
- SCAP Workbench: OpenSCAP for an individual host
  - as of 2019 and CentOS 7, was very crappy
  - autogenerated remediations had severe issues when targeting a specific host and choosing some other setting
  - !! need to review my notes for this
  - recommend not to use until improvements are made