I donĀ¹t believe there is official approval. I have used the SSG for a scan submitted for approval recently but the documentation package is still under review. I can let this group know when it comes back if it was accepted or not. -- Chris Kachigian StarVision Platform Product Manager Lockheed Martin IS&GS Engineering & Technology O: 301-240-7709 | C: 215-359-6331
On 2/25/14, 3:44 PM, "Bailey, Christopher D CTR USARMY AMRDEC (US)" <[email protected]> wrote: >Classification: UNCLASSIFIED >Caveats: NONE > >Does anyone know if there's been an official approval from DISA for the >use of SSG content and the openSCAP utility on RHEL 6 systems for >providing official vulnerability reports to IA inspectors? Our local IA >folks tell us that SCC is the only DISA approved/provided product that >we can use for scanning our systems and providing scan results to IA for >inspection and analysis. However, SCC only provides content up to RHEL >5, which is of no help with RHEL 6. We have our own homemade script for >scanning, but that's only good for in-house use. We need something for >producing official SCAP formatted vulnerability reports. We believe our >best option for automated scanning is the openSCAP tool with SSG >content, which is what we want to use, but there doesn't seem to be any >official acceptance for its use. > >Basically, my IA folks want to see something in writing from DISA that >says they officially approve the use of SSG content and the openSCAP >tool for proving IA compliance on RHEL 6 systems. I know that the DISA >FSO is working closely with Red Hat on SSG, but I can't find anything >like an official release from DISA. > >Thanks. > > >Classification: UNCLASSIFIED >Caveats: NONE > > >_______________________________________________ >scap-security-guide mailing list >[email protected] >https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
