Thank you, that does help, but a few follow-up questions. In the SCAP
content on the https://fedorahosted.org/scap-security-guide/ there are
several profiles in the ssg-rhel6-xccdf.xml:
server, stig-rhel6-server, usgcb-rhel6-server
I'm trying to understand if these are profiles that have been submitted
to NIST or DISA and are waiting for approval? Are these the accepted
baselines for a RH Server at this point? Should I use the usgcb or stig
profile? Just trying to wrap my head around this since we want to
start using one of these.
In your statement below "The DISA STIG content is based on the SCAP
Security Guide (SSG) content." Does that mean that the Content on the
https://fedorahosted.org/scap-security-guide/ was used by DISA to create
the "Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2"?
Obviously new to this and trying to understand. Thanks
On Wed, Dec 11, 2013, at 02:29 PM, Steinke, Leland J Sr CTR DISA FSO
(US) wrote:
The DISA STIG content is based on the SCAP Security Guide (SSG)
content.
DISA's STIG-creation processes and additional requirements have caused
some divergence in content between the STIG and the SSG. Getting the
actual content (as opposed to the way the content is formatted) in synch
is an ongoing effort. The difference in the XCCDF between the STIG and
the SSG is an artifact of the way SCAP has been implemented at DISA.
I hope this answers some of your questions.
Thanks,
Leland
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
leland.j.steinke.ctr(a)mail.mil (gov't)
lsteinke(a)tapestrytech.com (com'l)
> -----Original Message-----
> From: scap-security-guide-bounces(a)lists.fedorahosted.org [mailto:scap-
> security-guide-bounces(a)lists.fedorahosted.org] On Behalf Of
> joescap(a)mm.st
> Sent: Tuesday, December 10, 2013 7:42 PM
> To: scap-security-guide(a)lists.fedorahosted.org
> Subject: Understanding Content
>
> We are considering using one of the RH6 profiles from the SCAP content
> on this site as a benchmark for our systems. I've looked over the site
> and still have a few questions.
>
> Is the content and profiles here based off the "Standalone XCCDF - Red
> Hat 6 STIG, Version 1, Release 2"? Or is this a completely unrelated
> effort? The "Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2"
> has 9 profiles ranging from MAC 1 to MAC 3, but they all have the same
> checks enabled, so not much help to me. How are the Profiles found in
> the SCAP content on this site determined? They seem to be good
> realistic profiles, but I'm just curious how the Profile configuration
> was determined. I am just trying to understand the relationship between
> the DISA Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2 and the
> content found on the https://fedorahosted.org/scap-security-guide/
> site.
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide