I think this is an *outstanding* idea.  Most of my experience with the STIGs 
was tied to the old SRR scripts, and the learning curve on the new format has 
been steep.  I'd also suggest covering topics that have been addressed here a 
bit, such as:
  False positives (both identification of said and how to refer 
suggestions/fixes back to SSG/DISA)

-Rob

> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] 
> On Behalf Of Shawn Wells
> Sent: Wednesday, February 20, 2013 2:06 PM
> To: [email protected]
> Subject: Interested in a SCAP Security Guide / STIG hack session?
> 
> Over the past few months there has been a good bit of 
> off-list chatting about hosting a hack session/meetup for the 
> SSG. With the recent DISA publication of the draft STIG the 
> timing seems right.
> 
> So, would anyone be interested in meeting up where we could 
> do things like:
>      - Share knowledge on the installation of SSG. How do I run a scan?
> How do I customize settings? How do I get a report that I can show my
> ISSE/ISSM? How do I generate a Certification Test Plan, based off my
> customized rules?
> 
>      - Go a bit deeper, and understand how the code works. 
> What is XCCDF? OVAL? OCIL? How do I add my own custom rules?
> 
>      - Prep your environment to submit patches back to the 
> SSG. How do I set up git? How do I create a FedoraHosted account?
> 
>      - Chat about what additional profiles are needed. How 
> should we handle CNSSI 12-53? What about PCI compliance?
> 
> 
> I'd like to specifically go through the RHEL6 STIG content, performing
> scans and generating C&A artifacts. Part of the idea on this would be
> attendees could take this setup home and use it to start providing
> feedback against the draft STIG.
> 
> What do you guys think? Good idea? What topics should be covered?
> 
> Jeff and I were chatting, and we'll likely be able to host either at the
> Red Hat office in Tysons Corner, VA, or at the IAD Mobility Lab in
> Annapolis Junction, MD. And there's nothing saying we wouldn't do two
> sessions, one per location.... we can work all that out once
> topics/agenda get sorted.
> _______________________________________________
> scap-security-guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> 