Thank you for the update Ted. That had been my expectation, so it's good to 
hear it confirmed. I figured it was just a matter of time because the first 
revision of the RHEL 7 STIG was only released in March earlier this year. I 
assume that DISA does something similar for the RHEL 6 content because I 
occasionally see SSG referenced in the Revision History for RHEL 6 STIG updates.

v/r,
Brian

-----Original Message-----
From: Ted Brunell [mailto:[email protected]] 
Sent: Wednesday, July 26, 2017 2:04 PM
To: SCAP Security Guide <[email protected]>
Subject: [Non-DoD Source] Re: Loss of EL7 STIG profiles

We are making progress.  Still waiting to hear back on a couple of issues, but 
progress is being made.


For others that may not know of the effort that Shawn alluded to: I work 
closely with DISA in my role at Red Hat.  We have a goal to eventually align 
the SSG and STIG content.  The benefit for everyone is that if you use SSG to do 
something like lock down the OS while it is being provisioned, or to 
periodically scan a system from Satellite server, the results of those scans 
will be identical to a scan using ACAS.  The end result is a security posture 
that is much easier to maintain and a great chance that any configuration drift 
will not occur.


R/

Ted 


        
        

On Wed, Jul 26, 2017 at 1:51 PM, Shawn Wells <[email protected]> wrote:


        
        
        On 7/26/17 1:48 PM, Ted Brunell wrote:
        > I want to clarify something that was mentioned about automation
        > content earlier in this thread...
        >
        > I communicate on a regular basis with the people at DISA that are
        > responsible for STIG and SCAP content.  They have verified that DISA
        > is planning on releasing automation content (aka benchmark) containing
        > the necessary files for RHEL 7 in the not too distant future.  I am
        > not sure exactly when it will be released, but when it is, it will be
        > posted for consumption at
        > http://iase.disa.mil/stigs/scap/Pages/index.aspx under SCAP 1.2
        > content.
        >
        > Currently, they are reviewing the SSG content for use in the benchmark
        > content.
        
        Nice! Thanks Ted! Great to hear they've changed their minds. Would be
        *fantastic* to bring DISA back into the fold of what DoD, NIST, NSA, the
        community, and Red Hat are doing on STIG work!
        
        How goes the work with DISA to align their content to the DoD
        recommended settings?
        
        _______________________________________________
        scap-security-guide mailing list -- [email protected]
        To unsubscribe send an email to [email protected]
        

