Roger,
I appreciate you making the choice to join this group, and I hope that being exposed to
the process the SSG team is using will contribute to your organization making informed
decisions.
I need to be honest that your organization's recent release of the draft Red Hat
Enterprise Linux 7 STIG has given me a bit of extra stress at my company, as many programs
that I support have been anticipating the STIG (and have identified risks associated with
the release and amount of work that could come along with it). It's been tricky trying
to explain to those programs how the draft relates to the output that Red Hat and the SSG
group has produced.
Could you take some time to explain the big picture on your release strategy for the RHEL7
STIG, and perhaps explain the big picture of the STIG process, the relationship and
expectations between DISA and vendors, and how defense contractors like myself who
use vendor tools to produce solutions for the DoD can better work with your organization?
As an aside, it would also be nice if you could open the PKI-only areas of the DISA
website available to contractor PKI cards.
Tom Albrecht, CISSP-ISSEP, GPEN
Cybersecurity Architect Staff
Lockheed Martin MST
Sent from my iPhone
> On Feb 4, 2016, at 9:47 PM, Roger Greenwell <greenwer(a)fedoraproject.org> wrote:
>
> Community Participants,
>
> Earlier this week a post was made to this forum/thread that made disparaging comments
> regarding DISA’s leadership over the STIG development process and our contractor’s support
> in this effort. I want to share with this group that DISA government leadership is fully
> in charge of our actions/decisions and our contract staff is there to provide support to
> us.
>
> Having just signed into this forum tonight, I noted the following from Fedora’s Rules
> of Conduct: “Be respectful. Not all of us will agree all the time, but disagreement is no
> excuse for poor behavior and poor manners. We might all experience some frustration now
> and then, but we cannot allow that frustration to turn into a personal attack. It's
> important to remember that a community where people feel uncomfortable or threatened is
> not a productive one.” To the author of this, WELL SAID!!!!
>
> Shawn Wells, in his post, noted that DISA has been a cooperative partner in the STIG
> process. DISA greatly values the contributions and recommendations from Red Hat and
> communities such as this, and it’s welcomed. I would simply ask that everyone please be
> respectful. If there are concerns outside of the technical area associated with this,
> please drop me a line and we can discuss. My email address is
> roger.s.greenwell.civ(a)mail.mil.
>
> Respectfully,
> Roger Greenwell
> Chief, Cybersecurity – DISA
> --
> SCAP Security Guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/scap-security-guide@lists.fedo...
> https://github.com/OpenSCAP/scap-security-guide/