-----Original Message----- From: Trevor Vaughan [mailto:tvaughan@onyxpoint.com] Sent: Friday, April 08, 2016 9:51 AM
I should be able to *easily* start from a base, replace the parts that I need to, trace back to the original information, and set my own parameters.
- There should be a base CNSS 1253 policy that is the common XCCDF
ground
- Each branch should have their own derived CNSS 1253 policies that
override the requisite XCCDF and OVAL content as necessary
Nothing should be repeated that is not overridden
Overrides should be understood in the derived content
This should be easy...it's not (actually, it appears to be impossible without
tying yourself in knots)
This is my understanding of what tailoring files are intended to do, do they fall short in your use case?
Matt Micene DLT Solutions Solution Architect RHCA# 100-002-435 Direct 703-773-1195
On Thu, Mar 24, 2016 at 12:48 PM, Shawn Wells <shawn@redhat.com mailto:shawn@redhat.com > wrote:
On 3/23/16 6:25 AM, Jan Lieskovsky wrote:
Hello Daniel, thank you for contacting us. ----- Original Message ----- >From: "Dan
Warburton"<dan.warburton@jvncomm.com mailto:dan.warburton@jvncomm.com > >To: "SCAP Security Guide"<scap-security- guide@lists.fedorahosted.org mailto:scap-security- guide@lists.fedorahosted.org > >Sent: Tuesday, March 22, 2016 8:36:27 PM >Subject: cnssi No 1253 profile needed > > > > > > >http://static.open-scap.org/ssg-guides/ssg-rhel6- guide-nist-cl-il-al.html > >I cannot locate this guide. I have redhat scap- security-guide 0.10.21-3.el6 >which yum says is the latest.
This (CNSSI No. 1253) profile has been introduced starting
from upstream scap-security-guide-0.1.27 release: [1]https://github.com/OpenSCAP/scap-security- guide/releases/tag/v0.1.27
thus as such is not included in scap-security-guide-0.1.21-
3.el6 version yet you mention above.
> > >I think the profile for National Security Systems
Instruction (CNSSI) No. >1253, "Security Categorization and Control Selection for National Security >Systems"" > > > > > >How can I get this? rpm preferred
AFAIK Red Hat Enterprise Linux 6.8 Beta includes scap-
security-guide RPM based on upstream 0.1.28 version already:
http://www.redhat.com/en/about/blog/red-hat-
enterprise-linux-68-beta-now-available
therefore you can obtain the updated scap-security-guide
RPM from that release for now, till the moment Red Hat Enterprise Linux 6 Update 8 is generally available.
Hope this helps. Let us know if we can be of any further guidance.
Direct link to the beta RPM: https://access.redhat.com/downloads/content/rhel--- 6/x86_64/160/scap-security-guide/0.1.28-2.el6/noarch/f21541eb/package
In regards to a CNSSI profile, we're trying to sort out what that'd actually mean. NSA's CNSSI 12-53 is different than NRO, which is different than DISA... who's CNSSI 12-53 overlay to we follow? What would be most useful/applicable?
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org mailto:scap-security- guide@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/scap-security- guide@lists.fedorahosted.org https://github.com/OpenSCAP/scap-security-guide/
--
Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699
-- This account not approved for unencrypted proprietary information --