Thank you for the update, Ted. That had been my expectation, so it's good to hear it
confirmed. I figured it was just a matter of time because the first revision of the RHEL 7
STIG was only released in March earlier this year. I assume that DISA does something
similar for the RHEL 6 content because I occasionally see SSG referenced in the Revision
History for RHEL 6 STIG updates.
v/r,
Brian
-----Original Message-----
From: Ted Brunell [mailto:tbrunell@redhat.com]
Sent: Wednesday, July 26, 2017 2:04 PM
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org>
Subject: [Non-DoD Source] Re: Loss of EL7 STIG profiles
We are making progress. Still waiting to hear back on a couple of issues, but progress is
being made.
For others that may not know of the effort that Shawn alluded to... I work closely with
DISA in my role at Red Hat. We have a goal to eventually align the SSG and STIG content.
The benefit for everyone is that if you use SSG to do something like lock down the OS
while it is being provisioned, or to periodically scan a system from Satellite server, the
results of those scans will be identical to a scan using ACAS. The end result is a
security posture that is much easier to maintain and a great chance that any configuration
drift will not occur.
R/
Ted
On Wed, Jul 26, 2017 at 1:51 PM, Shawn Wells <shawn(a)redhat.com> wrote:
On 7/26/17 1:48 PM, Ted Brunell wrote:
I want to clarify something that was mentioned about automation
content earlier in this thread...
I communicate on a regular basis with the people at DISA that are
responsible for STIG and SCAP content. They have verified that DISA
is planning on releasing automation content (aka benchmark) containing
the necessary files for RHEL 7 in the not too distant future. I am
not sure exactly when it will be released, but when it is, it will be
posted for consumption at
http://iase.disa.mil/stigs/scap/Pages/index.aspx under SCAP 1.2 content.
Currently, they are reviewing the SSG content for use in the benchmark
content.
Nice! Thanks Ted! Great to hear they've changed their minds. Would be
*fantastic* to bring DISA back into the fold of what DoD, NIST, NSA, the
community, and Red Hat are doing on STIG work!
How goes the work with DISA to align their content to the DoD
recommended settings?