This morning DISA FSO released an update against the Red Hat Enterprise Linux 6 STIG.
- Clarifying language on contentious requirements;
- For customers performing manual system verification, there's been a focus on properly documenting pass/fail tests;
- A few dozen bug fixes;
- Now includes OVAL automation;
- Release notes clearly indicate SSG as upstream consensus content! :)
Official content can be found on the DISA FSO website: http://iase.disa.mil/stigs/os/unix/red_hat.html
I put a note out on social media for those (like myself) who didn't receive FSO's EMail. Feel free to help pass the word!
LinkedIn: http://linkd.in/1jjQwtV
Or twitter: http://bit.ly/1kjLDBp
Excellent! Thanks Shawn.
The README says: The STIG_Benchmark files are packaged separately and are available through a PKI enabled link. They are for use with an SCAP tool for automated scanning and will only be included for technologies for which we currently have OVAL.
But I haven't been able to find the content. Is this available yet? If not, is there an ETA?
Thanks, Phillip Marlow
-----Original Message-----
From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells
Sent: Monday, May 19, 2014 10:49 PM
To: scap-security-guide
Subject: EXT :19-MAY DISA RHEL6 STIG rebase
This morning DISA FSO released an update against the Red Hat Enterprise Linux 6 STIG.
- Clarifying language on contentious requirements;
- For customers performing manual system verification, there's been a focus on properly documenting pass/fail tests;
- A few dozen bug fixes;
- Now includes OVAL automation;
- Release notes clearly indicate SSG as upstream consensus content! :)
Official content can be found on the DISA FSO website: http://iase.disa.mil/stigs/os/unix/red_hat.html
I put a note out on social media for those (like myself) who didn't receive FSO's EMail. Feel free to help pass the word!
LinkedIn: http://linkd.in/1jjQwtV
Or twitter: http://bit.ly/1kjLDBp
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
I asked FSO the same thing yesterday and they told me it's not ready yet.
Chris
On May 20, 2014, at 9:08 AM, "Marlow, Phillip J (IS)" Phillip.Marlow@ngc.com wrote:
Excellent! Thanks Shawn.
The README says: The STIG_Benchmark files are packaged separately and are available through a PKI enabled link. They are for use with an SCAP tool for automated scanning and will only be included for technologies for which we currently have OVAL.
But I haven't been able to find the content. Is this available yet? If not, is there an ETA?
Thanks, Phillip Marlow
On 5/20/14, 9:45 AM, Kachigian, Christopher R wrote:
I asked FSO the same thing yesterday and they told me it's not ready yet.
Chatted with FSO this morning. OVAL made the release notes a bit early; we'll see the OVAL soon (week or two).
Shawn,
For those of us still on the learning curve in this area, could you explain how this announcement impacts everything? I'd be happy to put together a blog post / tutorial for GovReady to explain.
DISA updates RHEL 6 STIG (Security Technical Implementation Guide).
What's upstream and downstream from each other?
Where does a person go to get *started* with the STIG? Where does a person go to *update* their work, how do you update?
What does the OVAL integration really mean? How does a person take advantage of it?
How does STIG impact USG baselines? What is the relationship to other baselines like the CIS baselines?
Greg Elin personal cell: 917-304-3488 personal email: greg@fotonotes.net email: gregelin@gitmachines.com
Shawn,
Do you know if there are plans to submit the Red Hat Enterprise Linux 6 update to the National Checklist Program (NCP)? It appears the version on the NCP is from July 2013.
Thanks, Melanie
Melanie Cook SCAP Validation Program Manager NIST | Information Technology Laboratory | Computer Security Division | SCAP Validation Program http://scap.nist.gov/validation/
On 5/21/14, 11:10 AM, Cook, Melanie Richardson wrote:
Shawn,
Do you know if there are plans to submit the Red Hat Enterprise Linux 6 update to the National Checklist Program (NCP)? It appears the version on the NCP is from July 2013.
Yes! I've been trying to contact someone at NIST for over 5 months to get content posted. Any pointers?
Shawn
On 5/21/14, 11:14 AM, Shawn Wells wrote:
Yes! I've been trying to contact someone at NIST for over 5 months to get content posted. Any pointers?
Melanie (off-list) sent some names for me to begin collaborating with in an official @redhat capacity.
Thanks, Melanie!