Hi, they could (should) all be translated into XCCDF: http://scap.nist.gov/specifications/xccdf/
Now, in these tools, you can use the profiles as is, or use the defined ones and customize them. More info on the benchmarks: http://frhack.org/research/xorcism.php

2013/7/26 Albert R. Campa <[email protected]>

> Hello everyone. :)
>
> I am doing some work on baseline/benchmark/compliance/config auditing, and
> I would like to get some experience feedback on doing editing/modification
> of these benchmarks.
>
> As you know there are many standards CIS, DISA, PCI, etc, on many
> platforms, MS, Linux, DB, Cisco, etc.
>
> My questions for anyone who does this are the following:
>
> Do you use default policies from CIS, DISA, etc and run with that?
> Do you use a CIS, DISA, etc as a start and then modify to org standards?
> Or do you just create a baseline from scratch?
>
> I created a blog post on this, showing my point of view using Nessus and
> Nexpose.
>
> http://compusec.org/2013/07/25/configuration-benchmark-auditing-with-nexpose-and-nessus/
>
> I also want to find out from you how useful would a GUI be to edit/create
> these audit policies? If you read the blog post you will see where I am
> coming from, as well as Tenable/Rapid7 point of view. Hopefully we have
> some Nexpose users on this list. ;)
>
> Thanks,
>
> Albert Campa
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
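The "use a defined profile, then customize it" approach mentioned in the reply, sketched as an added example that is not part of the original thread: an organization profile `extends` a vendor profile and overrides it with `select` and `set-value`. The benchmark, its ids and the function names are constructed for illustration; the XCCDF 1.2 namespace is assumed, and only `extends`, `select` and `set-value` are handled.

```python
import xml.etree.ElementTree as ET

XCCDF = "http://checklists.nist.gov/xccdf/1.2"  # assumed: XCCDF 1.2 namespace
NS = {"x": XCCDF}
# Constructed, trimmed benchmark: ids are shortened and made up for this example,
# so it shows the structure but would not pass XCCDF schema validation.
BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="demo">
  <Profile id="vendor_base">
    <select idref="rule_pw_minlen" selected="true"/>
    <select idref="rule_disable_telnet" selected="true"/>
  </Profile>
  <Profile id="org_custom" extends="vendor_base">
    <select idref="rule_disable_telnet" selected="false"/>
    <select idref="rule_ssh_banner" selected="true"/>
    <set-value idref="val_pw_minlen">14</set-value>
  </Profile>
  <Value id="val_pw_minlen"><value>8</value></Value>
  <Rule id="rule_pw_minlen" selected="false"/>
  <Rule id="rule_disable_telnet" selected="false"/>
  <Rule id="rule_ssh_banner" selected="false"/>
  <Rule id="rule_always_on"/>
</Benchmark>"""

def resolve(root, profile_id, seen=()):
    """Return ({rule id: selected?}, {value id: value}) for a profile."""
    if profile_id in seen:
        raise ValueError("extends loop at " + profile_id)
    prof = root.find(f"x:Profile[@id='{profile_id}']", NS)
    if prof is None:
        raise KeyError(profile_id)
    if prof.get("extends"):  # inherit the base profile first
        rules, values = resolve(root, prof.get("extends"), seen + (profile_id,))
    else:  # no base: start from the benchmark's own defaults
        rules = {r.get("id"): r.get("selected", "true") in ("true", "1")
                 for r in root.iter(f"{{{XCCDF}}}Rule")}
        values = {v.get("id"): v.findtext("x:value", namespaces=NS)
                  for v in root.iter(f"{{{XCCDF}}}Value")}
    for sel in prof.findall("x:select", NS):  # later selectors win
        rules[sel.get("idref")] = sel.get("selected") in ("true", "1")
    for sv in prof.findall("x:set-value", NS):  # explicit value override
        values[sv.get("idref")] = sv.text
    return rules, values

def effective(profile_id, xml_text=BENCHMARK):
    """Sorted ids of the rules that end up selected, plus the value settings."""
    rules, values = resolve(ET.fromstring(xml_text), profile_id)
    return sorted(r for r, on in rules.items() if on), values
```

Comparing `effective("vendor_base")` with `effective("org_custom")` gives the exact delta between the published baseline and the organization's standard, which is the part worth keeping under review when the upstream benchmark is updated.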
