No problem. Happy to share information when I can. The process DISA follows is to publish the manual STIG and then follow that up with the benchmark. Modifications after that should come out quarterly as needed.
R/
Ted
<https://red.ht/sig>

On Wed, Jul 26, 2017 at 2:36 PM, Reese, Brian J CTR (US) <[email protected]> wrote:

> Thank you for the update Ted. That had been my expectation, so it's good
> to hear it confirmed. I figured it was just a matter of time because the
> first revision of the RHEL 7 STIG was only released in March earlier this
> year. I assume that DISA does something similar for the RHEL 6 content
> because I occasionally see SSG referenced in the Revision History for RHEL
> 6 STIG updates.
>
> v/r,
> Brian
>
> -----Original Message-----
> From: Ted Brunell [mailto:[email protected]]
> Sent: Wednesday, July 26, 2017 2:04 PM
> To: SCAP Security Guide <[email protected]>
> Subject: [Non-DoD Source] Re: Loss of EL7 STIG profiles
>
> We are making progress. Still waiting to hear back on a couple of issues,
> but progress is being made.
>
> For others that may not know of the effort that Shawn alluded to.. I work
> closely with DISA in my role at Red Hat. We have a goal to eventually
> align the SSG and STIG content. The benefit for everyone is that if you use
> SSG to do something like lock down the OS while it is being provisioned, or
> to periodically scan a system from Satellite server, the results of those
> scans will be identical to a scan using ACAS. The end result is a security
> posture that is much easier to maintain and a great chance that any
> configuration drift will not occur.
>
> R/
> Ted
>
> On Wed, Jul 26, 2017 at 1:51 PM, Shawn Wells <[email protected]> wrote:
>
> On 7/26/17 1:48 PM, Ted Brunell wrote:
> > I want to clarify something that was mentioned about automation
> > content earlier in this thread...
> >
> > I communicate on a regular basis with the people at DISA that are
> > responsible for STIG and SCAP content. They have verified that DISA
> > is planning on releasing automation content (aka benchmark) containing
> > the necessary files for RHEL 7 in the not too distant future. I am
> > not sure exactly when it will be released, but when it is, it will be
> > posted for consumption at
> > http://iase.disa.mil/stigs/scap/Pages/index.aspx under SCAP 1.2 content.
> >
> > Currently, they are reviewing the SSG content for use in the benchmark
> > content.
>
> Nice! Thanks Ted! Great to hear they've changed their minds. Would be
> *fantastic* to bring DISA back into the fold of what DoD, NIST, NSA, the
> community, and Red Hat are doing on STIG work!
>
> How goes the work with DISA to align their content to the DoD
> recommended settings?
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
