Product SiteDocumentation Site

3.3. Details

Linux has an excellent track record with security but any admin that has been around long enough have seen at least one compromised machine. Many compromises come about because of human error or laziness. When properly implemented this standard will lower the chances of compromise significantly at a host and systems level. Any system of sufficient complexity is bound to have security vulnerabilites in it. This Security Policy actively detects compromises as well as actively prevents many with current technologies.
As with all CSI standards everything used in this policy is done with Free and Open Source Software. The cost, however, comes in the form of sysadmin time and training. A full understanding of this subject matter requires Red Hat Certified Architect (RHCA) skills or higher, it is worth it to have some or all of your senior architects get RHCA certified. A couple solutions discussed do active monitoring and alerting. If they are not properly configured your monitoring team will get inundated with alerts and that will effectively render the solution useless until fixed.
When looking over the specifics of this solution work with your senior architects to discuss feasibility as well as time commitments. While many of the technologies discussed in the Security Policy are common some of them may not be configured in compliance with this standard. At worst they've been disabled. Formulate a plan for implementation. Take each chapter step by step, some of them are easy to implement and test, others aren't.