Roger,

I appreciate you making the choice to join this group, and I hope that being 
exposed to the process the SSG team is using will contribute to your 
organization making informed decisions. 

I need to be honest that your organization's recent release of the draft Red 
Hat Enterprise Linux 7 STIG has given me a bit of extra stress at my company, 
as many programs that I support have been anticipating the STIG (and have 
identified risks associated with the release and amount of work that could come 
along with it). It's been tricky trying to explain to those programs how the 
draft relates to the output that Red Hat and the SSG group have produced. 

Could you take some time to explain the big picture on your release strategy 
for the RHEL7 STIG, and perhaps explain the big picture of the STIG process, 
the relationship and expectations between DISA and vendors, and what help 
defense contractors like myself who use vendor tools to produce solutions for 
the DoD can better work with your organization? 

As an aside, it would also be nice if you could open the PKI-only areas of the 
DISA website available to contractor PKI cards. 

Tom Albrecht, CISSP-ISSEP, GPEN
Cybersecurity Architect Staff
Lockheed Martin MST

> On Feb 4, 2016, at 9:47 PM, Roger Greenwell <[email protected]> 
> wrote:
> 
> Community Participants,
> 
> Earlier this week a post was made to this forum/thread that made disparaging 
> comments regarding DISA’s leadership over the STIG development process and 
> our contractor’s support in this effort.   I want to share with this group 
> that DISA government leadership is fully in charge of our actions/decisions 
> and our contract staff is there to provide support to us.  
> 
> Having just signed into this forum tonight, I noted the following from 
> Fedora’s Rules of Conduct:  “Be respectful. Not all of us will agree all the 
> time, but disagreement is no excuse for poor behavior and poor manners. We 
> might all experience some frustration now and then, but we cannot allow that 
> frustration to turn into a personal attack. It's important to remember that a 
> community where people feel uncomfortable or threatened is not a productive 
> one.”  To the author of this, WELL SAID!!!!
> 
> Shawn Wells, in his post, noted that DISA has been a cooperative partner in 
> the STIG process.  DISA greatly values the contributions and recommendations 
> from Red Hat and communities such as this, and it’s welcomed.   I would 
> simply ask that everyone please be respectful.  If there are concerns outside 
> of the technical area associated with this, please drop me a line and we can 
> discuss.  My email address is [email protected].  
> 
> Respectfully,
> Roger Greenwell
> Chief, Cybersecurity – DISA
> --
> SCAP Security Guide mailing list
> [email protected]
> https://lists.fedorahosted.org/admin/lists/[email protected]
> https://github.com/OpenSCAP/scap-security-guide/