Morning all,
  I've been looking over the draft STIG and had some observations (some of 
which may be completely naïve)

- noticed that *many* of the STIG line items have the content duplicated almost 
exactly (different CCI number perhaps).  IPv4/IPv6 firewall items for example.  
Is there a requirement somewhere that each CCI number must match a discrete 
STIG?

- regarding the SSH settings - many of the settings for /etc/ssh/sshd_config 
are duplicated, but I see no corresponding settings for /etc/ssh/ssh_config 
(Protocol, ciphers, etc).

- really noob one - if IPv6 is disabled, can ip6tables actually start?  If not, 
then by disabling IPv6 you are always going to get dinged by not having 
ip6tables active.


Other than those questions - outstanding work!

-Rob
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
