The Hanalyx Journal
Field notes from production.
How to scan a Linux host for compliance
Scan a Linux host for CIS/STIG compliance over SSH with Kensa. Nothing is installed on the target: agentless, read-only, safe for production, and verifiable.


How to configure Kensa once so daily scans need almost no flags
Configure Kensa's rules directory, policy variables, host inventory, and results database once so everyday check and remediate commands need almost no flags.

Why you maintain twelve codebases to enforce two frameworks
Two frameworks, twelve codebases. Why compliance automation drifts and falls 6-18 months behind every new OS, and the design decision underneath all of it.

The pain of technical compliance isn't the rules. It's the evidence.
The hard part of technical compliance isn't the controls. It's proving you stayed compliant between scans, with evidence captured at the change.

OpenWatch: The Open-Source Compliance Operating System for Federal Infrastructure
Continuous compliance posture, temporal queries, drift detection, governance workflows, and audit-ready evidence. Open source. Deploy in 10 minutes.

Why I Built Kensa: Open-Source STIG Compliance Automation
After 12 years in federal IT — Army, FBI, DHS, DoD — I built the compliance engine I wished existed. 508 rules, automatic rollback, structured evidence. Open source.
Understanding STIG Drift: Why Federal Systems Lose Compliance
STIG drift isn’t random. It’s driven by vendor updates, day-to-day admin operations, and frequent DISA benchmark changes. This guide explains the mechanics behind the 30–45 day drift cycle and how continuous compliance tools can track changes before findings pile up.

What is SCAP and Why It Matters for Federal Agencies
Learn what SCAP (Security Content Automation Protocol) is, why it matters for federal agencies, and how automation speeds audits and ATO timelines.

Security vs. Compliance: Why the Difference Matters for Your Business
Learn the difference between security and compliance, why both matter, and how businesses avoid costly fines, breaches, and inefficiency.