[Other organizations that wish to create a Profile from the content are welcome to use project resources as well; the project is not intended to be a "DoD-only" thing: it is intended to provide a high-quality dictionary of SCAP content for the RHEL platform, useful for a wide variety of customers.]
Here's a rough agenda for our DoD consensus call today, based on the pre-release draft STIG profile:

0) Please introduce yourself as you join the call.

1) Should we leave (as Rules) items which require disabling certain services, which is what we have now? The RHEL 5 STIG didn't do this (and instead included enforcement of secure policies for those services, in case they were active). The approach from the RHEL 5 STIG seems reasonable to me (and makes compliance simpler for a wider variety of use cases), but I would like consensus thought on it.

2) Update on STIG process / plans from FSO. This could include discussing any policy-type additions that should be expected as the project content is vetted.

3) Discussion of severities. Most are the same as the RHEL 5 STIG (where Rules are shared/similar). Let's discuss any changes.

4) Open questions/discussion. Operational concerns? Have we forgotten anything?

Link is here:
http://people.redhat.com/swells/scap-security-guide/RHEL6/output/table-rhel6-stig-server.html

Talk to everyone at 11!

Thanks,
Jeff