SSG_CWS 2016-01-11: Subscribe
by Urwin, Paul
This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates (collectively, "JPMC").
This transmission may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMC for any loss or damage arising in any way from its use. Please note that any electronic communication that is conducted within or through JPMC's systems is subject to interception, monitoring, review, retention and external production in accordance with JPMC's policy and local laws, rules and regulations; may be stored or otherwise processed in countries other than the country in which you are located; and will be treated in accordance with JPMC policies and applicable laws and regulations.
Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to European legal entities.
8 years, 4 months
SSG_CWS 2016-01-11: Subscribe
by Woolsgrove, Simon
This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of JPMorgan Chase & Co., its subsidiaries and affiliates (collectively, "JPMC").
This transmission may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMC for any loss or damage arising in any way from its use. Please note that any electronic communication that is conducted within or through JPMC's systems is subject to interception, monitoring, review, retention and external production in accordance with JPMC's policy and local laws, rules and regulations; may be stored or otherwise processed in countries other than the country in which you are located; and will be treated in accordance with JPMC policies and applicable laws and regulations.
Please refer to http://www.jpmorgan.com/pages/disclosures for disclosures relating to European legal entities.
8 years, 4 months
NIST's HIPAA Security Rule Toolkit
by Shawn Wells
A colleague tipped me off to NIST's "HIPAA Security Rule Toolkit."
Quickly playing with their tool, it's a java-based GUI that embeds OCIL
checklists for HIPAA compliance.
http://scap.nist.gov/hipaa/
For example, a screen shot:
We've played with creating OCIL content for SSG in the past, at least
for select profiles like STIG/USGCB. Would inclusion of OCIL be
particularly useful to anyone?
Trying to think through this could actually be used...
- Perhaps STIG profile could extend a "STIG-OCIL" which reflects DISA
FSO organizational controls.
- Need some way to provide an "answers file," so that every scan does
not get asked 100+ questions
- If using downstream tooling (e.g. Satellite or ACAS?), scan a group of
systems ("ApplicationX in EnvironmentY") which provides "Application
Level" OCIL results, while endpoints are scanned against STIG
configuration baseline?
- Something else?
--
Shawn Wells
Office of the Chief Technologist
U.S. Public Sector
shawn(a)redhat.com | 443.534.0130
8 years, 4 months
[SSG_CWS 2016-01-11: Subscribe]
by Trey Henefield
Disclaimer
The information contained in this communication from trey.henefield(a)ultra-ats.com sent at 2016-01-04 08:58:04 is confidential and may be legally privileged.
It is intended solely for use by scap-security-guide(a)lists.fedorahosted.org and others authorized to receive it. If you are not scap-security-guide(a)lists.fedorahosted.org you are hereby notified that
any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.
8 years, 4 months