On Fri, Feb 29, 2008 at 12:40 PM, Steve Grubb <[EMAIL PROTECTED]> wrote: > On Friday 29 February 2008 13:20:25 Edward F. Brown wrote: > > The problem is that these publications aren't just helpful 'guides', they > > are becoming authoritative reference standards for securely > > configuring RHEL5, a mandate for some of your enterprise customers. > > Its my understanding that its not meant to be this way. The NSA document > along > with some other documents are being consolidated to be the agency consensus > guidance. The resulting document will be the one SCAP work is based off of. > This document is just the best there is right now. >
I think it has to do more about how certain federal bureaucracies work. Congress/White House require a plan. The DHS/DOE/DOD/DOX come up with a proposed plan. DOX conveys a version of that plan to sub-agency MMDA for perusal. MMDA conveys that to MMDA site offices as a possible future implementation. MMDA site offices convey that to its offices as future needs. Offices convey that to internal organizations to implement for future audits in 6 months. Organizations implement which ever version of the plan they got, call each other and find out that everyone got a different one.. they decide there is a vast conspiracy for them to be downsized for failing the audit. Each group then tries to figure out how to come up on top. A Congressional fact-finding trip becomes viewed as an audit.. bad reviews are taken as articles of finding, etc. The game of telephone has gotten 6+ deep at this point. What was a MAY becomes a SHOULD becomes a MUST becomes an article of finding. Ed and 20,000 other system administrators have been given conflicting rules on what they should do because somewhere along the way someone forgot to tell them that they were supposed to clean up/help a swamp. They instead spend their days fighting snakes and alligators because thats all they see around them. Ok Friday afternoon memo-list email done. Back to work. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
