Wow, I get busy for a week and I miss a critical thread (to me anyway)!

SIMP is absolutely complementary to the SSG and to OpenSCAP. The SSG is part of the policy/guidance stack upon which SIMP is based. The goal of SIMP is to be able to ramp teams up to the 80% mark in terms of both functionality and compliance that pretty much all teams require.

Instead of being rigid, we are attempting to allow for maximum operational flexibility so that 1) you understand what you've got on your systems, 2) you understand *exactly* what you've changed over time, and 3) you can make minute changes to systems based on operational requirements and repeat the whole deal consistently across different environments.

We've had a bumpy ride transitioning to working with the standard Internet stack, but we've gotten to the point where others should be able to successfully build the SIMP installation stack.

The community is starting to get some traction and, as soon as we figure out what to do about SourceForge, things should be relatively smooth sailing moving forward.

Thanks,

Trevor

On Sun, Jul 19, 2015 at 5:51 AM, Simon Lukasik <isimluk@fedoraproject.org> wrote:
On 07/17/2015 04:11 AM, Gallagher, Michael L wrote:
Hello, I would like to hear from the members on the list about how
various projects in the SSG ecosystem relate to the recently disclosed
SIMP from the NSA.  Obviously, it leverages the scanning tools that are
part of the RHEL distribution.  Is it viewed as complementary or redundant?

https://github.com/NationalSecurityAgency/SIMP

*Mike Gallagher, CISSP, CEH*


Purely from an engineering standpoint, I pay tribute to what the SIMP team achieved. They have been able to orchestrate a lot of emerging technologies, technologies that change quickly, and put them together in a meaningful way. I also applaud their courage to open-source the whole thing. I hope it will pay off.

Best,

--
Šimon Lukašík
Security Technologies, Red Hat, Inc.



--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --