Hi Jordan, On Sun, Oct 07, 2018 at 11:06:32PM -0400, Jordan Caraballo wrote: > Hi folks, > > I recently sent this to the scap-security-guide mailing list, but I am > adding it here to get some advice.
I wasn't subscribed to that list until now, and will try to catch future question directly there. > Since we are looking to enhance the monitoring of our systems, I have plans > on enhancing and developing content for SLES 11/12 for the SCAP Security > Guide. While I know how to develop the content, I am not entirely sure of > where to find the guides for SLES to create the specific profiles or add > the rules. We are currently working on enhancing the scap-security-guide with SUSE content. > Does anyone know where to find a guide for the specific checks that require > a SLES system to be compliant? Any ideas? Is the CIS PDF benchmark an > option? A list of certifications can be found here: https://www.suse.com/de-de/support/security/certifications/ Right now I'm working on a STIG automation with OpenSCAP. A spreadsheet draft with details can already be accessed on our FTP server. A full publication is pending. ftp://ftp.suse.com/pub/projects/security/STIG/ Furthermore we have a PCI-DSS guide that is subject of a future SCAP implementation. The guide is publicly accessible via: https://www.suse.com/documentation/sles-12/singlehtml/pci-dss/pci-dss.html CIS benchmarks are currently not covered from our side. However, it should be possible to create a profile with existing tests to make them available via the scap-security-guide. Hope that answers most of your questions. Feel free to contact me here or directly if something is unclear. Regards, Alex~ -- Alexander Bergmann <[email protected]>, Security Engineer, GPG:9FFA4886 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg)
signature.asc
Description: Digital signature
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
