Yes, I'd be very interested in such a conference. As I read through your list of items, I kept thinking... "Yes, I need that". I'm in Norfolk, Virginia and would prefer Tysons Corner.
I would need some lead time to get funding in place, as funding is difficult these days. If you plan to do this, how will it be advertised... I want to make sure I hear about it. Oh yes... the sooner the better.

Thanks,
Bill

William G. (Bill) Saxon
ND-0854-04
SPAWAR Atlantic
NMCI email: [email protected] (Preferred)
SPAWAR email: [email protected]
Desk: 757.443.0359
Cell: 757.292.3237
Chat: [email protected]

------------------------------

Message: 4
Date: Wed, 20 Feb 2013 14:06:13 -0500
From: Shawn Wells <[email protected]>
To: [email protected]
Subject: Interested in a SCAP Security Guide / STIG hack session?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Over the past few months there has been a good bit of off-list chatting about hosting a hack session/meetup for the SSG. With the recent DISA publication of the draft STIG the timing seems right.

So, would anyone be interested in meeting up where we could do things like:

- Share knowledge on the installation of SSG. How do I run a scan? How do I customize settings? How do I get a report that I can show my ISSE/ISSM? How do I generate a Certification Test Plan, based off my customized rules?

- Go a bit deeper, and understand how the code works. What is XCCDF? OVAL? OCIL? How do I add my own custom rules?

- Prep your environment to submit patches back to the SSG. How do I set up git? How do I create a FedoraHosted account?

- Chat about what additional profiles are needed. How should we handle CNSSI 12-53? What about PCI compliance?

I'd like to specifically go through the RHEL6 STIG content, performing scans and generating C&A artifacts. Part of the idea on this would be attendees could take this setup home and use it to start providing feedback against the draft STIG.

What do you guys think? Good idea? What topics should be covered?

Jeff and I were chatting, and we'll likely be able to host either at the Red Hat office in Tysons Corner, VA, or at the IAD Mobility Lab in Annapolis Junction, MD.
And there's nothing saying we wouldn't do two sessions, one per location.... we can work all that out once topics/agenda get sorted.

------------------------------

Message: 5
Date: Wed, 20 Feb 2013 19:24:03 +0000
From: Robert Sanders <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: RE: Interested in a SCAP Security Guide / STIG hack session?
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"

I think this is an *outstanding* idea. Most of my experience with the STIGs was tied to the old SRR scripts, and the learning curve on the new format has been steep.

I'd also suggest covering topics that have been addressed here a bit, such as:

False positives (both identification of said and how to refer suggestions/fixes back to SSG/DISA)

-Rob

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
