Mike,

I see SIMP as broader than the SSG ecosystem, and also complementary.
SIMP gives the ability to define full end state configuration for systems which 
includes security configuration.  It fulfils the ops desire to have all 
configuration go through a single path by combining the security configuration 
with the system configuration.
SSG provides a validation capability, allowing both ops and security to know 
and track system state from a security view, and document deviations 
(SCAPtimony).  SSG also provides a quick ability to meet a security baseline, 
for example on initial server build, before full configuration has been applied.

As an aside, Trevor has mostly convinced me that my team should focus our 
future Puppet module work against SIMP.

Regards,

Scott Jaffa


This email is UNCLASSIFIED.


From: [email protected] 
[mailto:[email protected]] On Behalf Of 
Gallagher, Michael L
Sent: Thursday, July 16, 2015 10:12 PM
To: [email protected]
Subject: SIMP

Hello, I would like to hear from the members on the list about how various 
projects in the SSG ecosystem relate to the recently disclosed SIMP from the 
NSA.  Obviously, it leverages the scanning tools that are part of the RHEL 
distribution.  Is it viewed as complementary or redundant?


Mike Gallagher, CISSP, CEH
-- 
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
