Some of the most comprehensive, ready-made security policies can be found as part of the SCAP Security Guide (SSG) project, and you will often find reference to the ssg acronym in the directory and sometimes even package names. These policies, just like the CIS Benchmark we explored previously, cover many facets of Linux security and offer remediation steps. Hence, OpenSCAP can be used not just for auditing, but also for enforcing a security policy. However, it must be stated that given its nature, it is my opinion that Ansible is best suited for this task, and it is notable that, in recent upstream releases of SCAP Security Guide, Ansible playbooks are now being provided alongside the XML formatted SCAP policies ...