Michael Dickey wrote:
> I don't want to usurp Tim's post, but with the mention of NIST, it
> brings up a question I've always had.
>
> Does anyone truly adhere to and build systems based off NIST docs? I'm
> not talking "inspired by" builds that take a handful of the settings and
> use them, but actually building to the specs such that you can say your
> build guide is NIST? This is a bit of a sanity check for me, as I'm
> skeptical.
>
> Don't get me wrong, I'm not dissing NIST! They make for great reading!
> (Usually.)

Folks in the DOD and US government surely do. We often get support requests to update our Nessus audit policies for Oracle and MS SQL configs within a day or two after DISA releases new content. As DISA makes more XCCDF content, I also think you will see more adoption of those configuration audit settings commercially.

--
Ron Gula, CEO
Tenable Network Security
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
