James Kelly wrote: > I checked the Nessus/Tenable support site and didn't see a scap file for > Windows 2008. I noticed that the SCAP files were still in the beta stage. > Does anyone have a sense if it would be "reasonable" to use the Windows 2003 > files on Windows 2008. I've not had the chance yet to see Windows 2008 and I > don't know how similar it is to 2003.
We have 2008 content in development right now. However, if you want to get 2008 audits right away, you can use the i2a tool from our support portal and convert any .inf policy file for 2008 into a Nessus .audit file. It won't have rich content like the SCAP policies, but you will be able to quickly audit for these required or suggested settings. There are .inf hardening files for 2008 available from DISA and Microsoft at these links: http://iase.disa.mil/stigs/checklist/windows_2008_checklist_v6r1_2_20081226.zip http://www.microsoft.com/downloads/details.aspx?FamilyID=a46f1dbe-760c-4807-a82f-4f02ae3c97b0&displaylang=en (note - to get the Microsoft .inf hardening files for 2008, you need to install their GPO Accelerator) Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
